HCIA - Datacom

V1.0

Dr. Asmaa Boughrara

 Network Management and O&M

age 2 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Forewor
d

The ever expanding network and increasing network devices present a
significant challenge in managing networks effectively and providing high-
quality network services.

There are many network management and O&M methods, of which this
course describes some of the most common.

age 3 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Objective
s

On completion of this course, you will be able to:
▫ Understand basic concepts of network management and O&M.

▫ Master common network management and O&M methods.

▫ Describe basic functions of network management and O&M.

▫ Understand the fundamentals of SNMP.

▫ Understand Huawei iMaster NCE and related technologies.

age 4 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Content
s
1. Basic Concepts of Network Management and O&M
2. SNMP Fundamentals and Configuration
3. Network Management Based on Huawei iMaster NCE

age 5 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 What Is Network Management and
O&M?

Network management and O&M plays an important role on a communications
network. It ensures that devices work properly and the communications network
runs properly to provide efficient, reliable, and secure communications services.
The network
administrator
manages and
maintains the
network for stable
operation.

Network
administrator

Common enterprise network architecture

age 6 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 What Is Network Management and
O&M?
Network management and O&M is classified as software management or hardware
management.

 Software management: management of network applications, user accounts

(such as accounts for using files), and read and write permissions.
This course does not describe software management in detail.

 Hardware management: management of network elements (NEs) that

constitute the network, including firewalls, switches, routers, and other
devices.
This course mainly describes hardware management.

Generally, an enterprise network has dedicated departments or personnel

responsible for network management and O&M.

age 7 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Basic Network Management Functions

Configuration Performanc Fault Security Accounting

management e manageme manageme manageme
managemen nt nt nt
t

OSI defines five functional models for network management:

▫ Configuration management: monitors network configuration information so that network administrators
can generate, query, and modify hardware and software running parameters and conditions, and
configure services.
▫ Performance management: manages network performance so that the network can provide reliable,
continuous, and low-latency communication capabilities with as few network resources as possible.
▫ Fault management: ensures that the network is always available and rectifies faults as soon as possible.
▫ Security management: protects networks and systems from unauthorized access and attacks.
▫ Accounting management: records the network resource usage of users, charges users, and collects
statistics on network resource usage.

age 8 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Network Management Modes
iMaster NCE-based Network Management and
Traditional Network Management and O&M
O&M
ERP Video Office OS Advertisement
conferencing operations

Commercial application

Northbound API

`
Analysis
Network
automatio Network
n Control intelligen
Managemen ce
t
iMaster
Web SNMP-based NCE
Cloud platform
CLI
system centralized
mode
mode management

Network administrator Network management station Data center Campus WAN Branch

age 9 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Content
s
1. Basic Concepts of Network Management and O&M
2. Traditional Network Management
3. Network Management Based on Huawei iMaster NCE

age 10 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Management Through the CLI or Web
System

When the network scale is small, the CLI and web system are generally used for network
management.
▫ Network administrators can log in to a device through HTTPS, Telnet, or the console port to manage
the device.

▫ These network management modes do not require any program or server to be installed on the
network, and the cost is low.

▫ Network administrators must have a good master of network knowledge and vendor-specific network
configurationVendor Vendor
commands. Vendor Vendor Vendor Vendor Vendor
A A A A B C D
▫ These modesSwitch Firewall
have great AC when Router
limitations Router
the network scale isSwitch Switch
large and the network topology is
complex.

One-to-one
management
Network
administrator
age 11 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 SNMP-based Centralized
Management

SNMP is a standard network management protocol widely used on TCP/IP networks. It
provides a method for managing NEs through a central computer that runs network
management software, that is, a network management station.

• Network administrators can use the NMS to

query information, modify information, and
troubleshoot faults on any node on the
network, improving work efficiency.
SNMP • Network devices of different types and
packet
exchange vendors are managed in a unified manner.
One-to-many
management

NMS Network
administrator

age 12 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Typical SNMP Architecture

On a network where SNMP is used for network
Clien management, a network management system
t SNMP
message (NMS) functions as a network management center
Monito
r and runs management processes. Each managed
Provides a visualized
device needs to run an agent process. The
interface. management process and agent process
NM communicate with each other through SNMP
S messages.
Network
management 
An NMS is a system that uses SNMP to manage
process
and monitor network devices. The NMS software
IP runs on NMS servers.
Network

Managed devices are devices that are managed
Agent Agent Agent by the NMS on the network.
process process process 
The agent process runs on managed devices to
Managed Managed Managed maintain the information data of the managed
device device device
devices, respond to the request from the NMS,
and report the management data to the NMS that
age 13 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved. sends the request.
 SNMP Message Exchange
NMS Managed • The NMS and managed devices exchange
Network object messages in the following modes:
management ▫ The NMS sends a request for modifying or querying
process configuration information to a managed device
1 2 3
Tra
through SNMP. The agent process running on the
p managed device responds to the request from the
NMS.
Query/Modify

Query/Modify

▫ The managed device can proactively report traps to

Request

response

the NMS so that the network administrator can detect

faults in a timely manner.
• Managed object: Each device may contain
Agent
process multiple managed objects. A managed object can
be a hardware component or a set of parameters
configured on the hardware or software (such as a
routing protocol).
• SNMP uses management information bases (MIBs)
Managed
device to describe a group of objects of a manageable
entity.
age 14 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 MIB
roo
t
iso • A MIB is a database containing the variables that
ccitt (1) joint-iso-ccitt are maintained by managed devices. (The
(0) (2)
org variables can be queried or set by the agent
(3) processes.) The MIB defines the attributes of
dod managed devices in the database.
(6) OID:1.3.6.1. ▫ Object identifier (OID) of an object
internet 2 ▫ Status of an object
(1) ▫ Access permission of an object
mgmt (2) ▫ Data types of an object
• A MIB provides a structure that contains data on
mib all NEs that may be managed on the network.
(1) Because the data structure is similar to the tree
system interface ...
structure, a MIB is also called an object naming
(1) (2)
tree.

... ...

age 15 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Common MIB Objects

Objects used for query or modification:
Maximum
OID Object Name Data Type Description
Access
Number of network interfaces in
1.3.6.1.2.1.2.1 ifNumber Integer read-only the system (regardless of the
current interface status)
1.3.6.1.4.1.2011.5.25.
hwIpAdEntNetMask IpAddress read-create Subnet mask of an IP address
41.1.2.1.1.3


Objects used for alarm notification:
Object
OID Bound Variable Description
Name
It is detected that one of the communication links in
ifIndex
the ifOperStatus object has entered the down state
ifAdminStatus
3.6.1.6.3.1.1.5.3 linkDown from another state (but not the notPresent state).
ifOperStatus
The original state is indicated by the value of
ifDesc
ifOperStatus.

age 16 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 SNMP Management Model
NMS
Network • Query/Modify operation:
management ▫ The NMS sends an SNMP request message to an
process
agent process.
SNMP message
▫ The agent process searches the MIB on the
exchange
device for information to be queried or modified
Agent
process and sends an SNMP response message to the
NMS.
MIB • Trap operation:
▫ If the trap triggering conditions defined for a
module are met, the agent process sends a
Managed object
message to notify the NMS that an event or trap
has occurred on a managed object. This helps
network administrators promptly process
Managed network faults.
devices
age 17 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 SNMPv1
NMS IP Managed
What's the IP
Network device
Get address
of GE 0/0/1

Response 10.0.1.1/24
What's the IP
GetNext address
of GE 0/0/2

Response 10.0.2.1/24
Set the IP address
of
Set GE 0/0/3 to
10.0.3.1/24.
Setting
Response
succeeded.

The CPU usage is

Trap
too high.

age 18 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 SNMPv2c
NMS IP
Managed
Network device
Get

Response

GetNext

Response

Set

Response

Query the IP addresses Trap

of
GetBulk The IP address of GE 0/0/1
all interfaces on the
device is...
Response
The IP address of GE 0/0/2
is...
Inform The CPU usage is too high.

Response Alarm received.

age 19 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 SNMPv3

SNMPv3 has the same working mechanism as SNMPv1 and SNMPv2c, but adds header data
and security parameters.

SNMPv3 messages can be authenticated and encrypted.

SNMPv3 is applicable to networks of various scales and has high security.

NMS IP Managed
Network device

Authenticates all
exchanged messages
and encrypts
messages.

age 20 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 SNMP Summary

SNMP has the following advantages:
▫ Simplicity: SNMP is applicable to networks that require high speed and low cost because it uses a polling mechanism
and provides basic network management functions. Moreover, SNMP uses UDP to exchange data and therefore is
supported by most products.

▫ Convenience: SNMP allows management information exchange between arbitrary devices on a network, so that a
network administrator can query information and locate faults on any device.


SNMPv1 applies to small-scale networks where security requirements are not high or the network
environment is safe and stable, such as campus networks and small-sized enterprise networks.

SNMPv2c applies to medium- and large-sized networks where security requirements are not high or the
network environment is safe, but a large volume of traffic exists and traffic congestion may occur.

SNMPv3 is the recommended version and applies to networks of various scales, especially those networks
that have high security requirements and allow only authorized administrators to manage network
devices.

age 21 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Basic SNMP Configuration (1)
1. Enable the SNMP agent function.

[Huawei] snmp-agent

2. Set the SNMP version.

[Huawei] snmp-agent sys-info version [v1 | v2c | v3]

You can configure the SNMP version as required. However, the protocol version used on the device
must be the same as that used on the NMS.
3. Create or update MIB view information.
[Huawei] snmp-agent mib-view view-name { exclude | include } subtree-name [mask mask]

4. Add a new SNMP group and map users in this group to the SNMP view.

[Huawei] snmp-agent group v3 group-name { authentication | noauth | privacy } [ read-view

view-name | write-view view-name | notify-view view-name ]

This command is used to create an SNMP group of the SNMPv3 version and specify the authentication
and encryption mode and one or more of read-only view, read-write view, and notification view. It is a
mandatory command on networks that require high security.

age 22 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Basic SNMP Configuration (2)
5. Add a user to the SNMP group.

[Huawei] snmp-agent usm-user v3 user-name group group-name

6. Configure an authentication password for an SNMPv3 user.

[Huawei] snmp-agent usm-user v3 user-name authentication-mode { md5 | sha | sha2-256 }

7. Configure the SNMPv3 user encryption password.

[Huawei] snmp-agent usm-user v3 user-name privacy-mode { aes128 | des56 }

8. Set parameters for the device to send traps.

[Huawei] snmp-agent target-host trap-paramsname paramsname v3 securityname

securityname { authentication | noauthnopriv | privacy }

age 23 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Basic SNMP Configuration (3)
9. Configure the target host of traps.

[Huawei] snmp-agent target-host trap-hostname hostname address ipv4-address trap-

paramsname paramsname

10. Enable all trap functions.

[Huawei] snmp-agent trap enable

Note that this command is used only to enable the device to send traps. This command must be used
together with the snmp-agent target-host command. The snmp-agent target-host command
specifies the device to which traps are sent.

11. Configure the source interface that sends traps.

[Huawei] snmp-agent trap source interface-type interface-number

Note that a source IP address must have been configured for the interface that sends traps.

age 24 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 SNMP Configuration Example
(Network Device Side)

GE0/0/1
NMS R1 R1configuration:
192.168.1. [R1]snmp-agent
Managed [R1]snmp-agent sys-info version v3
10 device [R1]snmp-agent group v3 test privacy
• Enable SNMP on R1and set the SNMP version to [R1]snmp-agent usm-user v3 R1 test authentication-
SNMPv3. mode md5 HCIA@Datacom123 privacy-mode
• Set the SNMPv3 group name to test and aes128 HCIA-Datacom123
encryption authentication mode to privacy. [R1]snmp-agent target-host trap-paramsname
• Create an SNMPv3 user named R1 and set the param v3 securityname sec privacy
authentication and encryption passwords to [R1]snmp-agent target-host trap-hostname nms
HCIA-Datacom123. address 192.168.1.10 trap-paramsname param
• Create a trap parameter named param and set [R1]snmp-agent trap source GigabitEthernet 0/0/1
securityname to sec. [R1]snmp-agent trap enable
• Set the IP address of the SNMP target host to Info: All switches of SNMP trap/notification will be
192.168.1.10. open. Continue? [Y/N]:y
• Enable the trap function and specify GE 0/0/1 as
the source interface that sends traps.

age 25 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Content
s
1. Basic Concepts of Network Management and O&M
2. Traditional Network Management
3. Network Management Based on Huawei iMaster NCE

age 26 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Transformation and Challenges of the
Network Industry

With the advent of the 5G and cloud era, innovative services such as VR/AR, live streaming, and
autonomous driving are emerging, and the entire ICT industry is booming. At the same time, the traffic of
the entire network also increases explosively. Huawei Global Industry Vision (GIV) predicts that the
amount of new data will reach 180 ZB by 2025. Moreover, the dynamic complexity of services makes the
entire network more complex.

Such challenges can only be overcome by constructing automated and intelligent network systems
centered on user experience.

Autonomous
driving

Live
VR/AR
streaming

Traditional networks
are overloaded.

age 27 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Huawei iMaster NCE

Huawei iMaster NCE is a network automation and intelligence platform that integrates
management, control, analysis, and AI functions.
• In terms of management and control, iMaster
Cloud platform & application
NCE allows you to:
▫ Manage and control traditional devices through
iMaster traditional technologies such as CLI and SNMP.
NCE
Open API ▫ Manage and control SDN-capable networks
Intent engine through NETCONF (based on the YANG model).
Manageme Analysi
Control • iMaster NCE collects network data through
nt s
Unified cloud-based platform
protocols such as SNMP and telemetry, performs
intelligent big data analysis based on AI
algorithms, and displays device and network
CLI/ NETCONF/ Telemetr
SNMP YANG y status in multiple dimensions through
Traditiona dashboards and reports, helping O&M personnel
SDN-capable network devices
l devices quickly detect and handle device and network
exceptions and ensuring normal running of
devices and networks.
age 28 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 NETCONF Overview

NETCONF provides a network device management mechanism. You can use NETCONF to add,
modify, or delete configurations of network devices, and obtain configurations and status of
network devices.

NETCONF requires that

NETCONF has three messages exchanged
between a client and
objects: NETCONF client server be encoded using
XML.
▫ NETCONF client NETCONF
message
▫ NETCONF server Networ
k exchange
▫ NETCONF message

NETCONF server
Devic
Device Device Device
e
1 2 3
age 30 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 NETCONF Advantages
Function NETCONF SNMP CLI

Machine-machine interface: The interface definition is Machine-to- Man-

Interface type complete and standard, and the interface is easy to machine machine
control and use. interface interface

High: Object-based modeling is supported. Only one

Operation interaction is required for object operations.
Medium Low
efficiency Operations such as filtering and batch processing are
supported.

Scalability Proprietary protocol capabilities can be extended. Weak Moderate

Supports transaction processing mechanisms such as

Partially
Transaction trial running, rollback upon errors, and configuration Not supported
supported
rollback.

Only SNMPv3
Secure Multiple security protocols: SSH, TLS, BEEP/TLS, and supports
SSH
transmission SOAP/HTTP/TLS secure
age 31 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved. transmission.
 Typical NETCONF Interaction
SSH
connection
RP
C
<?xml version="1.0" encoding="UTF-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
message-id= "101">
<edit-config> This operation is to
<target> modify configuration.
RPC-
<running/> Reply
</target>
<config> <?xml version="1.0" encoding="UTF-8"?>
<rpc-reply message-id="101"
Configuration content in XML format
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
</config> > Modified
</edit-config> <ok/> successfully.
</rpc> </rpc-reply>

age 32 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 YANG Language Overview

Yet Another Next Generation (YANG) is a data modeling language that standardizes NETCONF data
content.

The YANG model defines the hierarchical structure of data and can be used for NETCONF-based
operations. Modeling objects include configuration, status data, remote procedure calls, and notifications.
This allows a complete description of all data exchanged between a NETCONF client and server.
A model is an abstraction and expression of things.

A data model is an abstraction and expression of data

features.
Interface, routing
Name, gender,
protocol, IP
height, weight,
address, routing
age, skin color...
table...

Perso Route
n r
age 33 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 YANG and XML (1)

A YANG file is loaded on the NETCONF client (such as the NMS or SDN controller).

The YANG file is used to convert data into XML-format NETCONF messages before they are sent to the
device.
list server { <server>
key "name"; name="smtp"
unique "ip port"; ip=192.0.2.1 <name>smtp</name>
leaf name { port=25 <ip>192.0.2.1</ip>
type string; <port>25</port>
} </server>
leaf ip {
type inet:ip-address;
+ name="http"
ip=192.0.2.1
= <server>
<name>http</name>
port=
} <ip>192.0.2.1</ip>
leaf port { </server>
type inet:port- name="ftp" <server>
number; ip=192.0.2.1 <name>ftp</name>
} port= <ip>192.0.2.1</ip>
} </server>
YANG Dat XM
file a L
age 34 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 YANG and XML (2)

A YANG file is loaded on the NETCONF server (such as a router or switch).

The YANG file is used to convert received XML-format NETCONF messages into data for subsequent
processing.
<server> list server {
key "name"; name="smtp"
<name>smtp</name> unique "ip port"; ip=192.0.2.1
<ip>192.0.2.1</ip> leaf name { port=25
<port>25</port> type string;
</server> }
<server>
<name>http</name>
+ leaf ip {
type inet:ip-address; =
name="http"
ip=192.0.2.1
port=
<ip>192.0.2.1</ip> }
</server> leaf port {
<server> type inet:port- name="ftp"
<name>ftp</name> number; ip=192.0.2.1
<ip>192.0.2.1</ip> } port=
</server> }
XM YANG Dat
L file a
age 35 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Telemetry Overview

Telemetry, also called network telemetry, is a technology that remotely collects data from physical or
virtual devices at a high speed.

Devices periodically send interface traffic statistics, CPU usage, and memory usage to collectors in push
mode. Compared with the traditional pull mode, the push mode provides faster and more real-time data
collection. SNM Telemetr
ge.
P age y to the CPU usa
s bscribe
Su 1s
t CPU u Period:
Reques
1.
Time 1
, usag
Time 1
, usag
T > 5 min e1
e1
T < 1s
sage Time 2
t CPU u , usag
Reques "Pull" "Subscriptio e2
2.
n and push"
Time 2
, usag
e2 Time 3
, usag
e e3
ue s t C PU usag
Req Telemetry supports
3.
data collection
Time 3 Time n
, usag
e3
at the level of , usag
en
subseconds.

age 36 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Quiz
1. (Single) On an SNMP-based network, which of the following runs the management process to
manage the managed devices? ( )
A. NMS

B. Agent process

C. MIB

D. SNMP

2. (Single) In SNMPv1, which of the following operations is used by a managed device to report
traps? ( )
A. Get-Request

B. Set-Request

C. Trap

D. Response
age 37 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Quiz
3. YANG is a data modeling language. ( )
A. True

B. False

4. Telemetry supports data collection at the level of subseconds. ( )

A. True

B. False

age 38 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Summar
y

With the development of network technologies, more and more network
management and O&M methods are available. The common methods are as
follows:
▫ CLI mode or web system

▫ SNMP

▫ Huawei iMaster NCE's intelligent O&M platform (covering management, control,

and analysis)

age 39 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Thank You
www.huawei.com

age 40 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.