As networks grow in scale and the variety of devices in them becomes ever more diverse, managing an increasingly complex network well enough to provide high-quality network services has become a daunting challenge for network management.

There are various means of network management, operation and maintenance; this chapter mainly explains how to use a network management system to manage and monitor the devices in an enterprise network in a unified way. The chapter introduces the working principles and configuration of the SNMP protocol, the working principle of the NTP protocol, and how to configure network devices to synchronize their clocks using NTP.

16.1 Overview of Network Management, Operation and Maintenance

The OSI reference model defines five functional areas of network management (often abbreviated FCAPS).

  • Configuration management. Configuration management is responsible for monitoring the configuration information of the network, so that network administrators can generate, query and modify the operating parameters and conditions of hardware and software, and can configure the related services.

  • Performance management. Performance management takes network performance as its guideline, ensuring that the network provides reliable and continuous communication while consuming fewer network resources and reducing latency.

  • Fault management. The primary goal of fault management is to ensure that the network is always available and that faults are repaired as soon as possible when they occur.

  • Security management. Security management protects the network and its systems from unauthorized access and from attacks.

  • Accounting (billing) management. Accounting management tracks and controls the use of network resources by users and stores the relevant information in an operation log database as the basis for billing.

There are two basic means of managing a network device: one is to connect to the device's dedicated management interface (such as the Console or MiniUSB port) and use terminal software (such as SecureCRT); the other is to open a Telnet/SSH session to the device over an interface that also carries data traffic (Telnet sends credentials and commands in cleartext, so SSH should be used wherever possible). Both methods require the administrator to connect to and manage devices one at a time. This is appropriate for newly built projects or for planned network changes, because the technicians then carry out every operation on every device themselves and the purpose of each operation is clear. It is not suited to managing and maintaining the whole network day to day, one key reason being that technicians cannot predict on which component of which device a failure or an attack will occur.

For example, a network deploys standby devices and the corresponding high-availability technologies at certain critical points so that it can provide users with uninterrupted communication 24/7. When the primary device breaks down, the switchover of forwarding from the primary device (and link) to the standby device (and link) is smooth and goes unnoticed by every user. But the administrator is equally unaware that the network has failed; he will certainly not log in to the crashed primary device to look for the fault that caused the shutdown, much less repair or replace the device. Thus the administrator first learns that the primary device has failed when users complain that communication has been disrupted, which happens only once the standby device has failed as well. In other words, the redundant devices cannot improve network availability to the extent they could.

The above example shows that in a network, a complex system containing a large number of devices, it is often inadequate to initiate management access on a device-by-device basis. Even if only a few common errors occur in the network, as long as the network is large enough, troubleshooting them with the device-by-device approach described above is like a blindfolded man trying to understand an elephant solely by touch. Managing the network therefore requires a more macro-level approach than managing devices one at a time.

For such complex systems, the ideal management approach is for administrators to be able to see the working status of all managed devices in a timely manner through the interface of a management program, and to configure all managed devices through the same interface. The Simple Network Management Protocol (SNMP) defines the standard for the management communication between the management station and the network devices.

16.2 Principles and Configuration of SNMP

This section explains the principles of SNMP and shows how to configure Huawei devices as SNMP agents.

16.2.1 Overview of SNMP Protocol

There are many types of network devices, and the management interfaces (such as command line interfaces) of devices from different vendors differ, which makes network management increasingly complicated. SNMP came into existence to address this problem. As the standard network management protocol widely used in TCP/IP networks, SNMP provides a uniform interface that enables unified management of network devices of different types and from different vendors.

SNMP exists in three versions: SNMPv1, SNMPv2c and SNMPv3.

SNMPv1 is the original version of the protocol and provides minimal network management functions. It authenticates requests only by a community name carried in cleartext in every message, so it offers little security, and its responses carry only a few error codes.

SNMPv2c also uses community-name authentication. On top of SNMPv1 it introduces the GetBulk and Inform operations, more standard error codes, and more data types (e.g., Counter64).

SNMPv3 is enhanced mainly in terms of security: it provides authentication and encryption based on the User-based Security Model (USM) and access control based on the View-based Access Control Model (VACM). The operations supported by SNMPv3 are the same as those of SNMPv2c. Because a v1/v2c community name travels in cleartext and is the only credential, anyone who can sniff or guess it can read the device (and, with the write community, reconfigure it); SNMPv3 with authentication and privacy should be preferred wherever the NMS supports it.

16.2.2 Components of SNMP System

As shown in Fig. 16.1, an SNMP system consists of four components: the Network Management System (NMS), the SNMP agent, the Management Information Base (MIB), and the managed objects.

Fig. 16.1 SNMP system composition

Each managed device contains an SNMP agent, a MIB and multiple managed objects. The NMS interacts with the SNMP agent running on the managed device, and the agent operates on the device's MIB to carry out the commands of the NMS.

  1. NMS: the network management station is the administrator in the network, a system running on the NMS server that uses SNMP to manage and monitor network devices. The NMS can send requests to the SNMP agents on devices to query or modify the values of one or several parameters, and it can receive SNMP traps (introduced in detail in 16.2.5) that an agent sends on its own initiative, so as to learn the current status of the managed device.

  2. SNMP agent: the agent is a process in the managed device that maintains the device's management data, responds to requests from the NMS, and returns the requested data to the NMS that sent the request. After receiving a request from the NMS, the agent carries out the corresponding command through the MIB and returns the result to the NMS. When the device fails or another event occurs, the device sends an SNMP trap to the NMS through the agent to report the change in its status.

  3. MIB: the Management Information Base is a database of the variables maintained by the managed device. These variables are attributes of the managed device, such as its name, status, access rights and data type. The MIB can also be regarded as the interface between the NMS and the SNMP agent, through which the NMS queries and sets the variables the device maintains.

  4. Managed objects: each device may contain multiple managed objects, which may be a piece of hardware in the device or a collection of parameters configured on hardware or software (such as a routing protocol).

The MIB stores data in a tree structure, as shown in Fig. 16.2. Each node of the tree represents a managed object and is identified by the path from the root to that node, called an Object Identifier (OID). For example, the OID of the system object is 1.3.6.1.2.1.1 and the OID of the interfaces object is 1.3.6.1.2.1.2.

Fig. 16.2 OID tree structure

A subtree can also be identified by the OID of its root node; e.g., the subtree rooted at private has the OID of the object "private", i.e., 1.3.6.1.4.

A MIB view is a subset of the MIB, and the administrator configures MIB views to restrict the managed objects that an NMS can access. Each subtree (or node) placed in a view is marked as either excluded or included: "excluded" means the view excludes all nodes of that MIB subtree, and "included" means it includes all of them. When entries overlap, the more specific (longer) subtree decides, so a view can include a whole branch and then carve exceptions out of it.
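How a view is evaluated is easiest to see in code. The following is an added example, not code from the chapter or from Huawei's implementation: the views are constructed, and precedence follows RFC 3415's vacmViewTreeFamilyTable, where the longest matching subtree entry decides and an OID matched by no entry is outside the view (the family mask that wildcards individual arcs is not modelled). Huawei's enterprise number 2011 and the USM/VACM MIB nodes are real OIDs used only to make the output readable.

```python
"""MIB views: deciding whether an OID is visible, with include/exclude subtrees.

Added example, not code from the chapter. The views below are constructed;
precedence follows RFC 3415's vacmViewTreeFamilyTable: the longest matching
subtree entry decides, and an OID matched by no entry is outside the view.
"""
from typing import List, Optional, Tuple

OidT = Tuple[int, ...]

# A few well-known nodes of the tree, for readable output
NAMES = {
    (1, 3, 6, 1, 2, 1): "mib-2",
    (1, 3, 6, 1, 2, 1, 1): "system",
    (1, 3, 6, 1, 2, 1, 2): "interfaces",
    (1, 3, 6, 1, 4): "private",
    (1, 3, 6, 1, 4, 1): "enterprises",
    (1, 3, 6, 1, 4, 1, 2011): "huawei",        # Huawei's IANA enterprise number
    (1, 3, 6, 1, 6, 3, 15): "snmpUsmMIB",      # USM user table lives here
    (1, 3, 6, 1, 6, 3, 16): "snmpVacmMIB",
}


def parse_oid(dotted: str) -> OidT:
    return tuple(int(a) for a in dotted.strip(".").split("."))


def name_of(dotted: str) -> str:
    """Replace the longest known prefix by its name: 1.3.6.1.2.1.1.5.0 -> system.5.0."""
    oid = parse_oid(dotted)
    for n in range(len(oid), 0, -1):
        if oid[:n] in NAMES:
            return ".".join([NAMES[oid[:n]], *map(str, oid[n:])])
    return dotted


class MibView:
    def __init__(self, name: str):
        self.name = name
        self.entries: List[Tuple[OidT, bool]] = []   # (subtree, included?)

    def include(self, subtree: str) -> "MibView":
        self.entries.append((parse_oid(subtree), True))
        return self

    def exclude(self, subtree: str) -> "MibView":
        self.entries.append((parse_oid(subtree), False))
        return self

    def decide(self, dotted: str) -> Optional[Tuple[str, bool]]:
        """The entry governing this OID: the longest subtree that is a prefix of it, or None."""
        oid = parse_oid(dotted)
        best = None
        for subtree, included in self.entries:
            if oid[:len(subtree)] == subtree and (best is None or len(subtree) > len(best[0])):
                best = (subtree, included)
        return None if best is None else (".".join(map(str, best[0])), best[1])

    def allows(self, dotted: str) -> bool:
        """True when a Get for this OID through the view would return its value."""
        d = self.decide(dotted)
        return d is not None and d[1]


# Constructed read-only view: the whole tree, minus the private branch, with
# Huawei's own enterprise subtree put back, and the USM user table hidden.
RO_VIEW = (MibView("ro-view")
           .include("1")
           .exclude("1.3.6.1.4")
           .include("1.3.6.1.4.1.2011")
           .exclude("1.3.6.1.6.3.15"))


def check(view: MibView, oids) -> dict:
    """Map each OID (by readable name) to whether the view exposes it."""
    return {name_of(o): view.allows(o) for o in oids}


if __name__ == "__main__":
    for name, ok in check(RO_VIEW, ["1.3.6.1.2.1.1.5.0", "1.3.6.1.4.1.9.9.1",
                                    "1.3.6.1.4.1.2011.5.25", "1.3.6.1.6.3.15.1.2.2"]).items():
        print(f"{name:24s} {'included' if ok else 'excluded'}")
```

An OID that the view excludes is answered by the agent as if the object did not exist, so an NMS that sees noSuchObject for a node it knows is implemented should check the view bound to its community or user before suspecting the MIB.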

16.2.3 SNMP Queries

An SNMP query means that the NMS actively sends a query request to the SNMP agent; on receiving it, the agent completes the corresponding instruction through the MIB and returns the result to the NMS, as shown in Fig. 16.3.

Fig. 16.3 SNMP query

There are three types of SNMP query operation: Get, GetNext and GetBulk. SNMPv1 does not support GetBulk.

  • Get: the NMS uses this operation to get one or more parameter values from the SNMP agent.

  • GetNext: the NMS uses this operation to get, for each of one or more OIDs, the value of the next object in lexicographic order; repeated GetNext requests are how an NMS walks a table or a whole subtree without knowing its contents in advance.

  • GetBulk: this operation is based on GetNext and is equivalent to performing multiple GetNext operations in succession. The number of GetNext-equivalent steps the managed device performs in one GetBulk exchange is set by the NMS (the max-repetitions parameter).

The working principles of SNMP query operation of different versions are basically the same, the only difference being that authentication and encryption processing are added in version SNMPv3. The following uses the Get operation of version SNMPv2c as an example to introduce the working principles of SNMP query operation.

Assume that the NMS wants to get the value of the sysContact node of the managed device's MIB, using the read community name "public". The process is as follows.

  1. NMS: it sends a Get request message to the SNMP agent with the fields set as follows: the version number is the SNMP version in use; the community name is "public"; the PDU type in the Protocol Data Unit (PDU) is Get; and the variable binding carries the MIB node sysContact (strictly, its instance sysContact.0) with an empty value.

  2. SNMP agent: it first checks the version number and community name carried in the request. If they are acceptable, the agent looks up the sysContact node in the MIB, encapsulates its value in the PDU of a response message and sends the response to the NMS; if the lookup fails, the agent sends an error response. If the community name does not match, a v1/v2c agent silently discards the request (optionally raising an authenticationFailure trap), which is why a wrong community name shows up at the NMS as a timeout rather than an error.

16.2.4 SNMP Setting

An SNMP set means that the NMS actively sends a request to the SNMP agent to perform a Set operation on the device. After receiving the Set request, the agent completes the corresponding instruction through the MIB and returns the result to the NMS, as shown in Fig. 16.4.

Fig. 16.4 SNMP set

The SNMP setting has only one Set operation, which can be used by the NMS to set one or more parameter values in the SNMP agent.

The working principle of the Set operation is basically the same across versions, the only difference being that authentication and encryption are added in SNMPv3. The following uses the Set operation in SNMPv3 as an example.

Assuming that the NMS wants to set the value of node sysName of the managed device MIB to HUAWEI, the detailed process is as follows.

  1. NMS: it first sends a discovery request to the SNMP agent, without security parameters and with an empty engine ID, to obtain the agent's engine information (its engine ID, engine boots and engine time).

  2. SNMP agent: it responds to the NMS with the requested engine parameters.

  3. NMS: it now sends the actual Set request to the SNMP agent, with the fields set as follows.

    • Version: SNMPv3.

    • Message header data: the flags specifying whether authentication and encryption are used.

    • Security parameters: the user name and the engine parameters obtained in step 2, plus the authentication parameters (an HMAC over the whole message, computed with the user's key localized to that engine ID) and the privacy parameters (the salt used by the encryption), both calculated with the configured algorithms.

    • PDU: the obtained context engine ID and context name are filled into the corresponding fields, the PDU type is set to Set, the variable binding carries the MIB node sysName together with the value to be set, HUAWEI, and the whole scoped PDU is encrypted with the configured encryption algorithm.

  4. SNMP agent: it first checks the version number and the security parameters: the user must exist, the engine ID and the time window must match, and the authentication parameters must verify under the user's localized key (there is no community name in SNMPv3). It then decrypts the PDU, sets the MIB nodes corresponding to the named variables, and sends a response to the NMS on success or an error response if the setting fails.
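The part of step 3 that is usually left abstract, how the authentication parameters are produced and why step 1 has to come first, as an added example that is not code from the chapter. It follows RFC 3414 (Appendix A.2 for password-to-key, section 6.3 for HMAC-96 authentication): the user's password is stretched into a key Ku, Ku is localized to one agent's engine ID to give Kul, and Kul signs the message with the 12-byte authentication field zeroed. The message bytes are a constructed stand-in with a placeholder where msgAuthenticationParameters sits, not a real SNMPv3 packet, and the privacy (encryption) step is not modelled; the second engine ID is constructed.

```python
"""SNMPv3 USM: password-to-key, key localization and the HMAC-96 authentication parameter.

Added example, not code from the chapter. Follows RFC 3414 (A.2 for the
password-to-key algorithm, 6.3 for authentication). MESSAGE is a constructed
stand-in with a 12-byte placeholder where msgAuthenticationParameters sits.
"""
import hashlib
import hmac

ONE_MIB = 1_048_576
AUTH_PARAMS_LEN = 12      # HMAC-MD5-96 and HMAC-SHA-96 both truncate to 96 bits


def password_to_key(password: bytes, algo: str) -> bytes:
    """Ku: digest of the password repeated until exactly 1 MiB has been hashed (RFC 3414 A.2)."""
    reps, rem = divmod(ONE_MIB, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes, algo: str) -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku): the key actually used with one specific agent.

    This is why the NMS must discover the engine ID before it can authenticate
    anything, and why a key recovered from one agent is useless against another.
    """
    return hashlib.new(algo, ku + engine_id + ku).digest()


def _zeroed(msg: bytes, offset: int) -> bytes:
    return msg[:offset] + bytes(AUTH_PARAMS_LEN) + msg[offset + AUTH_PARAMS_LEN:]


def authenticate(kul: bytes, msg: bytes, offset: int, algo: str) -> bytes:
    """Sender: HMAC over the whole message with the auth field zeroed, truncated, then inserted."""
    mac = hmac.new(kul, _zeroed(msg, offset), algo).digest()[:AUTH_PARAMS_LEN]
    return msg[:offset] + mac + msg[offset + AUTH_PARAMS_LEN:]


def verify(kul: bytes, msg: bytes, offset: int, algo: str) -> bool:
    """Receiver: recompute the same way and compare in constant time."""
    received = msg[offset:offset + AUTH_PARAMS_LEN]
    expected = hmac.new(kul, _zeroed(msg, offset), algo).digest()[:AUTH_PARAMS_LEN]
    return hmac.compare_digest(received, expected)


# Constructed message: a header, the 12-byte auth placeholder, then a scoped-PDU stand-in.
HEADER = b"\x30\x00hdr:usm:user=admin:"
SCOPED_PDU = b"SET sysName.0 = HUAWEI"
AUTH_OFFSET = len(HEADER)
MESSAGE = HEADER + bytes(AUTH_PARAMS_LEN) + SCOPED_PDU

ENGINE_A = bytes.fromhex("000000000000000000000002")   # engine ID used in the RFC 3414 test vectors
ENGINE_B = bytes.fromhex("800007db03001122334455")     # constructed: enterprise 2011, MAC-based format


def demo(algo: str = "sha1") -> dict:
    """Sign with the key localized to engine A, then check the three cases that matter."""
    ku = password_to_key(b"maplesyrup", algo)
    kul_a = localize_key(ku, ENGINE_A, algo)
    signed = authenticate(kul_a, MESSAGE, AUTH_OFFSET, algo)
    tampered = signed.replace(b"HUAWEI", b"EVIL01")     # same length, one value changed in flight
    return {
        "valid": verify(kul_a, signed, AUTH_OFFSET, algo),
        "tampered": verify(kul_a, tampered, AUTH_OFFSET, algo),
        "wrong_engine": verify(localize_key(ku, ENGINE_B, algo), signed, AUTH_OFFSET, algo),
    }


if __name__ == "__main__":
    for algo in ("md5", "sha1"):
        print(algo, password_to_key(b"maplesyrup", algo).hex(), demo(algo))
```

The 1 MiB stretching makes offline guessing of the password more expensive than a single hash, but not by much on modern hardware, so v3 passwords still need to be long; the localization step is what stops a compromised agent from being used to impersonate the NMS elsewhere.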

16.2.5 SNMP Traps

An SNMP trap means that the SNMP agent actively reports alarms or events generated by the device to the NMS, so that the network administrator is informed of the device's current operating status in time.

There are two ways for the SNMP agent to report such events: Trap and Inform. SNMPv1 does not support Inform. The difference between them is that after the agent sends an alarm or event via Inform, the NMS must reply with an InformResponse as acknowledgement, whereas when the agent sends a Trap the NMS sends no acknowledgement at all, as shown in Fig. 16.5.

  1. Working principle of the Trap operation

    The Trap operation is not one of the basic operations of the NMS on the managed device; it is the spontaneous behaviour of the managed device. When the device meets the condition for triggering an alarm, it sends a trap message to the NMS through the SNMP agent to report the abnormal situation, so that the administrator can deal with it in time. For example, the agent sends a warmStart trap to the NMS after the managed device has warm-started.

    Trap messages are restricted: the agent reports to the management process only when a module of the device reaches its predefined alarm trigger condition. The advantage is that a trap is sent only when a serious event occurs, which reduces the traffic generated by message interactions.

  2. Working principle of the Inform operation

    The Inform operation is likewise the managed device sending alarms to the NMS on its own initiative. Unlike the Trap operation, after the managed device sends an inform message the NMS is required to acknowledge receipt. If the managed device does not receive an acknowledgement, it proceeds as follows.

    (a) Save the alarm or event temporarily in the inform cache.

    (b) Retransmit the alarm or event until the NMS acknowledges it or the number of transmissions reaches the maximum number of retransmissions.

    (c) Generate the corresponding alarm or event log on the managed device.

    It follows that the Inform operation consumes more system resources.

Fig. 16.5 SNMP traps
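The behavioural difference between the two notification types, modelled as an added example that is not code from the chapter: an in-memory agent whose Inform path implements steps (a) to (c) above against an NMS stand-in that loses datagrams, next to a Trap path that cannot tell whether anything arrived. The retransmission limit and the lossy NMS are assumptions for the demonstration; the notifications are dicts rather than SNMP PDUs, and the notification OIDs are the standard ones from SNMPv2-MIB.

```python
"""Trap versus Inform on the agent side: fire-and-forget against cache-and-retry.

Added example, not code from the chapter: an in-memory model of the behaviour
described above. MAX_RETRANSMISSIONS and LossyNms are assumptions for the
demonstration; messages are dicts, not SNMP PDUs.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List

MAX_RETRANSMISSIONS = 3          # assumption: resends after the first attempt before giving up

# Standard notification OIDs from SNMPv2-MIB (snmpTraps subtree)
COLD_START = "1.3.6.1.6.3.1.1.5.1"
WARM_START = "1.3.6.1.6.3.1.1.5.2"
LINK_DOWN = "1.3.6.1.6.3.1.1.5.3"
AUTH_FAILURE = "1.3.6.1.6.3.1.1.5.5"


@dataclass
class Notification:
    request_id: int
    trap_oid: str
    varbinds: Dict[str, object]
    attempts: int = 0
    status: str = "pending"


@dataclass
class Agent:
    # transport(kind, message) -> True when the NMS returned an InformResponse; a Trap is never acknowledged
    transport: Callable[[str, dict], bool]
    inform_cache: Dict[int, Notification] = field(default_factory=dict)
    log: List[str] = field(default_factory=list)
    next_id: int = 1

    def send_trap(self, trap_oid: str, varbinds: dict) -> str:
        """Trap: one datagram, nothing cached; the agent never learns whether it arrived."""
        self.transport("Trap", {"trap_oid": trap_oid, "varbinds": varbinds})
        return "sent"

    def send_inform(self, trap_oid: str, varbinds: dict) -> Notification:
        """Inform: (a) cache, (b) resend until acknowledged or the budget is spent, (c) log on failure."""
        n = Notification(self.next_id, trap_oid, varbinds)
        self.next_id += 1
        self.inform_cache[n.request_id] = n                     # (a) held until the InformResponse arrives
        while n.attempts <= MAX_RETRANSMISSIONS:                # (b) first try plus MAX_RETRANSMISSIONS resends
            n.attempts += 1
            msg = {"request_id": n.request_id, "trap_oid": trap_oid, "varbinds": varbinds}
            if self.transport("Inform", msg):
                n.status = "acknowledged"
                del self.inform_cache[n.request_id]
                return n
        n.status = "failed"
        del self.inform_cache[n.request_id]
        self.log.append(f"inform {n.request_id} ({trap_oid}) unacknowledged after {n.attempts} attempts")  # (c)
        return n


class LossyNms:
    """Constructed NMS stand-in that loses the first `drop_first` datagrams sent to it."""

    def __init__(self, drop_first: int):
        self.drop_first = drop_first
        self.seen = 0
        self.received: List[tuple] = []

    def receive(self, kind: str, msg: dict) -> bool:
        self.seen += 1
        if self.seen <= self.drop_first:
            return False                  # lost in transit: no InformResponse, and a lost Trap is simply gone
        self.received.append((kind, msg))
        return kind == "Inform"           # only an Inform is acknowledged


def demo(drop_first: int):
    """Send one Trap and then one Inform through an NMS that drops the first `drop_first` datagrams."""
    nms = LossyNms(drop_first)
    agent = Agent(transport=nms.receive)
    trap = agent.send_trap(WARM_START, {"sysUpTime.0": 0})
    inform = agent.send_inform(LINK_DOWN, {"ifIndex": 3, "ifAdminStatus": 1, "ifOperStatus": 2})
    return trap, inform, nms, agent


if __name__ == "__main__":
    for drops in (0, 2, 10):
        trap, inform, nms, agent = demo(drops)
        print(f"drops={drops}: trap={trap}, inform={inform.status} after {inform.attempts} attempt(s), "
              f"NMS received {[k for k, _ in nms.received]}, agent log={agent.log}")
```

The run with two lost datagrams is the one to look at: the warmStart Trap disappears without the agent or the NMS ever knowing, while the linkDown Inform is delivered on its second attempt. That is the trade the chapter describes, reliability bought with cache space and extra traffic, and it is why an NMS that must not miss link or security events should ask for Informs from agents that support them.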

16.2.6 Configure SNMP

When the construction of an enterprise or organization's network is completed, the project moves into the operation and maintenance phase. In larger networks, the more devices are involved, the greater the workload of maintaining interfaces, cables, dynamic routing protocols and the like, and the harder operation and maintenance become. Generally, a large network has a team responsible for the "network management system". Theirs is a major responsibility, since they are expected to be the first to find problems in the network when they arise. To let a team of two or three people carry this load, administrators can reduce their workload by enabling the SNMP agent function on network devices and deploying an NMS while the network project is still being implemented.

This section demonstrates how to enable the SNMP agent function on a Huawei router. The SNMP version configured in this section is SNMPv2c, which is commonly used at present. With the exemplary topology in Fig. 16.6, the following part talks about enabling the SNMPv2c agent function on AR1 and managing it on the NMS.

Fig. 16.6 Enable the management of AR1 via SNMPv2c on NMS

As shown in Fig. 16.6, AR1 and NMS belong to the same IP subnet. The network is designed in this way to simplify the experimental environment so as to highlight the focus of the experiment. We only focus on the factors related to the SNMP configuration and ignore the IP routing. However, in practice, the NMS and the managed device often belong to different IP subnets, and the administrator needs to ensure that the IP communication with the managed device is enabled before configuring the SNMP agent function. In this case, the administrator wants to enable this specified NMS to communicate with AR1 (and other managed devices) via SNMPv2c.

To restrict which NMSs may use SNMP to manage network devices, the administrator permits the IP address (or subnet) of the NMS in a basic access control list (ACL) and denies all other addresses. When the ACL is applied to the SNMP agent, the permitted address is that of the NMS, and there is no direction to consider. The ACL is then referenced in the configuration commands of the SNMP agent.

[AR1]acl 2000
[AR1-acl-basic-2000]rule permit source 192.168.56.12 0.0.0.0
[AR1-acl-basic-2000]rule deny source any

The following shows the configuration commands to enable the SNMP agent function on AR1.

[AR1]snmp-agent                                                  --Enable snmp-agent
[AR1]snmp-agent sys-info version v1 v2c                          --Specify the SNMP versions
[AR1]snmp-agent sys-info contact hanligang@huawei.com            --Specify the contact, optional
[AR1]snmp-agent sys-info location Office101                      --Specify the device location, optional
[AR1]snmp-agent community read public acl 2000                   --Specify the read community name
[AR1]snmp-agent community write private acl 2000                 --Specify the write community name
[AR1]snmp-agent target-host trap-hostname windows10 address 192.168.80.112 udp-port 161 trap-paramsname public    --Specify the NMS to which snmp-agent sends trap messages

The first command enables the SNMP agent. On this platform the agent function is enabled by default, so the first command is not strictly necessary.

The second command configures the SNMP versions the router accepts. By default the agent accepts all SNMP versions; this command restricts it to v1 and v2c. Since v1 offers nothing that v2c lacks, it is better to list only the versions the NMS actually uses (v2c alone, or v3) so that the device does not answer protocol versions nobody is supposed to speak to it.

The third command specifies the administrator information of this device.

The fourth command specifies the location information of this device.

The fifth command ties several configuration elements together, which is clearer in the full form of the command: snmp-agent community {read | write} community-name acl acl-number. The keywords show that its main purpose is to define a read or write community name and, at the same time, restrict who may use it; here ACL 2000, created above, is applied to the SNMP service module so that only the NMS it permits can use this community name. The read community name set here, "public", is the classic default: it is the first value any scanner tries, and being six lowercase letters it would not even satisfy a complexity rule requiring at least six characters drawn from two character types (lowercase letters, uppercase letters, digits, and special characters other than spaces). It is used here purely for the demonstration; in production, use long random community names, or SNMPv3. Once configured, the community name is stored in the router's configuration in cipher text.

The sixth command sets the write community name to "private". A write community lets anyone who knows it change the device's configuration through Set, so it should be configured only when the NMS actually needs write access, with its own ACL, and never with a guessable name such as this one.

The seventh command specifies the NMS to which the device sends trap messages; trap-paramsname names the community (or, for v3, the user) carried in the traps. Note that the udp-port in the command above is 161: that is the port on which SNMP agents receive requests, whereas trap receivers conventionally listen on UDP port 162, so the port configured here must match the one the NMS's trap receiver actually listens on, or the traps will be silently lost.
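Before a configuration like the one above leaves the lab, a reviewer checks it against a short list of questions: are the community names guessable, is every community bound to an ACL, is the ACL actually restrictive, is a write community really needed, is v1 still on, and does the trap target port match a trap receiver. The following added checker, which is not code from the chapter or from Huawei, encodes those questions and runs them over the chapter's own commands (reproduced as constructed input) and over a hardened variant. The length and character-class thresholds, the list of well-known names and the hardened community string are assumptions of this checker, and its regexes cover only the command forms shown in the chapter.

```python
"""Review an snmp-agent configuration for the weaknesses a deployment review looks for.

Added example, not code from the chapter. CONFIG reproduces the chapter's AR1
commands as constructed input; the thresholds, the WELL_KNOWN list and the
community string in HARDENED are assumptions of this checker.
"""
import re
from typing import Dict, List

CONFIG = """\
acl 2000
 rule permit source 192.168.56.12 0.0.0.0
 rule deny source any
snmp-agent
snmp-agent sys-info version v1 v2c
snmp-agent sys-info contact hanligang@huawei.com
snmp-agent sys-info location Office101
snmp-agent community read public acl 2000
snmp-agent community write private acl 2000
snmp-agent target-host trap-hostname windows10 address 192.168.80.112 udp-port 161 trap-paramsname public
"""

# Assumption: a hardened variant for comparison (random community name, read-only, v1 off, trap port 162)
HARDENED = """\
acl 2000
 rule permit source 192.168.56.12 0.0.0.0
 rule deny source any
snmp-agent sys-info version v2c v3
snmp-agent community read Xk7$pQ2m9zLw acl 2000
snmp-agent target-host trap-hostname windows10 address 192.168.56.12 udp-port 162 trap-paramsname Xk7$pQ2m9zLw
"""

WELL_KNOWN = {"public", "private", "admin", "manager", "huawei", "cisco"}   # assumption: what scanners try first
MIN_LEN, MIN_CLASSES = 8, 2                                                # assumption: local policy


def weak_complexity(name: str) -> bool:
    """Too short, or fewer than MIN_CLASSES of: lowercase, uppercase, digit, special."""
    classes = sum(bool(re.search(p, name)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^\w\s]"))
    return len(name) < MIN_LEN or classes < MIN_CLASSES


def parse_acls(config: str) -> Dict[str, List[str]]:
    """Collect the rule lines that follow each 'acl N' header."""
    acls, cur = {}, None
    for line in config.splitlines():
        s = line.strip()
        m = re.match(r"acl (\d+)$", s)
        if m:
            cur = m.group(1)
            acls[cur] = []
        elif s.startswith("rule ") and cur is not None:
            acls[cur].append(s)
        else:
            cur = None
    return acls


def audit(config: str) -> List[str]:
    findings, acls = [], parse_acls(config)
    for line in config.splitlines():
        s = line.strip()
        m = re.match(r"snmp-agent sys-info version (.+)$", s)
        if m:
            versions = set(m.group(1).split())
            if "v1" in versions:
                findings.append("SNMPv1 enabled: disable it unless a legacy NMS requires it")
            if "v3" not in versions:
                findings.append("SNMPv3 not enabled: v1/v2c community names travel in cleartext")
            continue
        m = re.match(r"snmp-agent community (read|write) (\S+)(?: acl (\d+))?$", s)
        if m:
            mode, name, acl = m.groups()
            if mode == "write":
                findings.append(f"write community '{name}' configured: Set access is rarely needed")
            if name.lower() in WELL_KNOWN:
                findings.append(f"{mode} community '{name}' is a well-known default")
            elif weak_complexity(name):
                findings.append(f"{mode} community '{name}' is too short or too simple")
            if acl is None:
                findings.append(f"{mode} community '{name}' has no ACL: any source may use it")
            elif acl not in acls:
                findings.append(f"{mode} community '{name}' references ACL {acl}, which does not exist")
            elif any("permit source any" in r for r in acls[acl]):
                findings.append(f"ACL {acl}: 'permit source any' does not restrict the NMS")
            continue
        m = re.match(r"snmp-agent target-host .* udp-port (\d+)", s)
        if m and m.group(1) != "162":
            findings.append(f"trap target uses UDP port {m.group(1)}: trap receivers listen on 162 by default")
    return findings


if __name__ == "__main__":
    for label, cfg in (("chapter config", CONFIG), ("hardened config", HARDENED)):
        print(f"{label}: {len(audit(cfg))} finding(s)")
        for f in audit(cfg):
            print("  -", f)
```

Run against the chapter's configuration the checker reports six findings; the hardened variant reports none. The hardened variant is deliberately minimal: it keeps the ACL, drops the write community and v1 entirely, and sends traps to the same host the ACL permits. Swapping v2c for v3 with authPriv users would be the next step.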

16.3 Principles and Configuration of NTP

16.3.1 Overview of NTP Protocol

As network topologies become more complex, synchronizing the clocks of the devices across the whole network becomes important. Relying on the administrator to set each system clock by hand means a huge workload, and the accuracy of the clocks still cannot be guaranteed. The Network Time Protocol (NTP) emerged to solve the problem of synchronizing the system clocks of devices in a network.

NTP is mainly used when all device clocks in the network need to be consistent.

  • Network management: when analyzing the log information and debugging information collected from different routers, the time needs to be used as a reference basis.

  • Billing system: all device clocks are required to be consistent.

  • Multiple systems collaborating on the same complex event: to ensure the correct execution sequence, multiple systems must refer to the same clock.

  • Incremental backups between backup servers and clients: it is required that the clocks of backup servers and all clients should be synchronized.

  • System time: some applications need to know when users logged into the system and when files were modified.

NTP is an application layer protocol of the TCP/IP stack, mostly used to synchronize the clocks of a set of distributed NTP time servers and clients.

NTP evolved from the earlier Time Protocol and ICMP timestamp messages, with particular attention to accuracy and robustness. There are five versions of NTP: NTPv0, NTPv1, NTPv2, NTPv3 and NTPv4. The latest, NTPv4, adds IPv6 support and enhanced security on top of NTPv3 and remains backward compatible with it. NTP uses UDP as its transport protocol, on well-known port 123. Accurate time is itself security-relevant: certificate validity periods, Kerberos tickets and the correlation of logs across devices all depend on it, so the source a device synchronizes to, and whether that source is authenticated, deserves the same scrutiny as any other trust relationship.

NTP defines two different types of messages, synchronization messages and control messages. In most cases NTP devices communicate with each other in the client-server model, where server and client send both types of message as unicast; this is called unicast client-server mode. NTP also defines other modes, including the peer-to-peer model (P2P mode) and the client-server model using broadcast communication (broadcast mode). When an NTP device receives an NTP message, it uses the Mode field in the NTP header to determine the mode used by the sender and the type of the message (synchronization or control).

Basically, all current mainstream network devices, such as ACs, APs, firewalls, routers, switches and servers, can be used as NTP clients, and some of them can also be used as NTP time servers.

16.3.2 Basic Principles of NTP

Figure 16.7 shows an example of system clock synchronization based on NTP. As shown in Fig. 16.7, the NTP client and the NTP time server are connected, and each has its own independent system clock. The clock of the NTP client is now to be synchronized with the clock of the NTP time server. This section introduces the basic principle of NTP under the assumption that both clocks are perfectly accurate, i.e., their error is 0.

Fig. 16.7 NTP protocol clock synchronization process

The setup and assumptions are as follows.

  1. Before synchronization, the system clock of the NTP client reads Ta and that of the NTP time server reads Tb.

  2. The clock of the NTP client is to be synchronized with the clock of the NTP time server.

  3. The clocks of the NTP client and the NTP time server are taken to be perfectly accurate (error 0), so that only the offset between them matters.

The system clock synchronization process is as follows.

  1. The NTP client sends an NTP request message to the NTP time server at time T1; the message carries the timestamp T1 at which it left the client.

  2. The NTP request arrives at the NTP time server when the server's clock reads T2. After processing, the server sends an NTP response message at T3. The response carries the timestamp T1 at which the request left the client, the timestamp T2 at which it arrived at the server, and the timestamp T3 at which the response left the server.

  3. The NTP client receives the response message at T4.

Through the above NTP message interaction, the NTP client can obtain four time parameters, that is T1, T2, T3 and T4. Since the clocks of the NTP client and the NTP time server are perfectly accurate, we can calculate the time offset between the NTP client and the NTP time server, which is the time offset that the NTP client needs to adjust, by the following formula.

  • Calculate the one-way delay Delay of an NTP message between the NTP client and the NTP time server, assuming the two directions take equal time.

$$ \mathrm{Delay}=\left[\left(\mathrm{T}4-\mathrm{T}1\right)-\left(\mathrm{T}3-\mathrm{T}2\right)\right]/2 $$
  • Calculate the time Offset between the NTP client and the NTP time server.

Take T4 as an example. At T4, the message sent by the NTP time server is received by the NTP client when the server’s time is already T3 + Delay, then the time Offset can satisfy the following formula.

$$ \mathrm{T}4+\mathrm{Offset}=\mathrm{T}3+\mathrm{Delay}. $$

Rearranging the equation gives

$$ \mathrm{Offset}=\mathrm{T}3+\mathrm{Delay}-\mathrm{T}4=\mathrm{T}3+\left[\left(\mathrm{T}4-\mathrm{T}1\right)-\left(\mathrm{T}3-\mathrm{T}2\right)\right]/2-\mathrm{T}4=\left[\left(\mathrm{T}2-\mathrm{T}1\right)+\left(\mathrm{T}3-\mathrm{T}4\right)\right]/2. $$

The NTP client adjusts its own clock according to the calculated Offset to synchronize its clock with the NTP time server.

16.3.3 NTP Network Architecture

The following concepts exist in the network architecture of NTP.

  • Synchronization subnet: as shown in Fig. 16.8, a synchronization subnet can be formed by the master time server, secondary time server, PC client and the transmission path interconnected between them.

  • Master time server: it can be directly synchronized to a standard reference clock via cable or radio, which is usually a radio clock or a global positioning system, etc.

  • Secondary time server: it is synchronized to the master time server or other secondary servers in the network. The secondary time server can transmit time information to other hosts inside the LAN through NTP.

  • Stratum: stratum is a grading standard for clock synchronization, which represents the accuracy of a clock. The value range of stratum is between 1 and 16. The smaller the value, the higher the accuracy, where 1 means the highest clock accuracy while 16 means it is not synchronized.

Under normal circumstances, the primary and secondary time servers in the synchronization subnet exhibit a hierarchical master-slave structure. In this hierarchical structure, the master time server is located at the root, while the secondary time servers approach the leaf nodes. The larger the stratum, the less the accuracy. The accuracy reduced depends on the network path and the stability of the local clock.

Fig. 16.8 NTP network structure

16.3.4 Working Modes of NTP

NTP has several operating modes for time synchronization, and users can choose the appropriate operating mode according to their needs.

  • Unicast server/client mode.

  • Peer mode.

  • Broadcast mode.

  • Multicast mode.

This section focuses on the unicast server/client mode. First, we need to explain the client and server here.

Client: a host running in client mode (referred to as the client) periodically sends messages to the server with the Mode field set to 3 (client mode). The client is usually a workstation inside the network; it adjusts its own clock to the server's and never modifies the server's clock.

Server: a host running in server mode (referred to as the server) receives the client's requests and responds with messages whose Mode field is set to 4 (server mode). The server is usually a time server within the network; it provides synchronization information to clients but does not adjust its own clock according to them.

The unicast server/client mode operates at a higher stratum of the synchronization subnet. This mode requires to know the IP address of the server in advance, and the working process of the unicast server/client mode is as shown in Fig. 16.9.

Fig. 16.9 NTP unicast server/client mode

The client sends NTP messages to the server at restart and periodically thereafter. On receiving a message from the client, the server swaps the message's destination IP address and port with its source IP address and port, fills in the required information and sends the message back to the client. The server keeps no per-client state, and the client is free to manage the interval between its messages according to local conditions. Because the server echoes the client's transmit timestamp back as the origin timestamp, the client should discard any reply whose origin timestamp does not match a request it actually sent; that check is what stops a stale or spoofed reply from moving the clock.
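The whole unicast exchange, from the Mode field of 16.3.4 to the Offset and Delay formulas of 16.3.2, as an added example that is not code from the chapter: the client builds a mode-3 request, the server answers in mode 4 with T1 echoed and T2/T3 stamped, and the client validates the reply before computing the offset. The four timestamps are constructed (integer milliseconds since the NTP epoch of 1900-01-01); nothing is sent on the network, NTP authentication is not modelled, and the sanity checks in client_process follow RFC 5905 (matching origin timestamp, usable stratum, no leap alarm) rather than anything the chapter states. The reference ID reuses the Alibaba Cloud server address from 16.3.5 purely as a plausible upstream.

```python
"""NTP unicast client/server exchange: packet layout, mode field, offset and delay.

Added example, not code from the chapter. Timestamps are constructed
(milliseconds since 1900-01-01); no traffic is sent, no authentication.
"""
import struct

NTP_PACKET = struct.Struct("!BBbb3I8I")   # 48 bytes: LI/VN/Mode, stratum, poll, precision, 3 words, 4 timestamps
VERSION = 4
MODE_CLIENT, MODE_SERVER = 3, 4
UPSTREAM_REFID = 0x78197314               # 120.25.115.20 (ntp1.aliyun.com in the chapter), as a stratum-2 refid


def ts_ms(ms_since_1900: int) -> int:
    """64-bit NTP timestamp (32-bit seconds, 32-bit fraction) from integer milliseconds."""
    sec, rem = divmod(ms_since_1900, 1000)
    return (sec << 32) | ((rem << 32) // 1000)


def seconds(units) -> float:
    """Convert a difference in 2^-32 s units back to seconds."""
    return units / 2**32


def _split(t: int):
    return t >> 32, t & 0xFFFFFFFF


def build_packet(li: int, mode: int, stratum: int, origin: int, receive: int, transmit: int, refid: int = 0) -> bytes:
    first = (li << 6) | (VERSION << 3) | mode
    return NTP_PACKET.pack(first, stratum, 6, -20, 0, 0, refid, 0, 0,
                           *_split(origin), *_split(receive), *_split(transmit))


def parse_packet(pkt: bytes) -> dict:
    f = NTP_PACKET.unpack(pkt)
    w = f[7:]
    return {"li": f[0] >> 6, "version": (f[0] >> 3) & 7, "mode": f[0] & 7, "stratum": f[1],
            "reference": (w[0] << 32) | w[1], "origin": (w[2] << 32) | w[3],
            "receive": (w[4] << 32) | w[5], "transmit": (w[6] << 32) | w[7]}


def build_client_request(t1: int) -> bytes:
    """Client: mode 3, stratum 0; only the transmit timestamp (T1) matters."""
    return build_packet(0, MODE_CLIENT, 0, 0, 0, t1)


def build_server_reply(request: bytes, t2: int, t3: int, stratum: int) -> bytes:
    """Server: mode 4, echo the client's T1 as origin, stamp receive (T2) and transmit (T3).

    The server keeps no per-client state: everything it needs is in the request.
    """
    req = parse_packet(request)
    if req["mode"] != MODE_CLIENT:
        raise ValueError("not a client-mode request")
    return build_packet(0, MODE_SERVER, stratum, req["transmit"], t2, t3, refid=UPSTREAM_REFID)


def client_process(t1: int, reply: bytes, t4: int):
    """Client: validate the reply, then apply the chapter's Delay and Offset formulas."""
    r = parse_packet(reply)
    if r["mode"] != MODE_SERVER:
        raise ValueError("reply is not in server mode")
    if r["origin"] != t1:
        raise ValueError("origin timestamp does not match our T1: stale, bogus or spoofed reply")
    if not 1 <= r["stratum"] <= 15:
        raise ValueError(f"server stratum {r['stratum']}: not synchronized, do not use")
    if r["li"] == 3:
        raise ValueError("leap indicator 3: server clock unsynchronized")
    t2, t3 = r["receive"], r["transmit"]
    delay = (t4 - t1) - (t3 - t2)               # round trip minus the server's processing time
    offset = ((t2 - t1) + (t3 - t4)) / 2        # what the client must add to its clock
    return seconds(offset), seconds(delay)


def demo():
    T1 = ts_ms(3_795_000_000_000)      # client sends (client clock, which is 1.000 s behind the server)
    T2 = ts_ms(3_795_000_001_020)      # server receives: 20 ms in transit plus the 1 s clock difference
    T3 = ts_ms(3_795_000_001_030)      # server replies after 10 ms of processing
    T4 = ts_ms(3_795_000_000_050)      # client receives: 20 ms back, read on the client clock
    reply = build_server_reply(build_client_request(T1), T2, T3, stratum=2)
    return client_process(T1, reply, T4)


if __name__ == "__main__":
    offset, delay = demo()
    print(f"offset {offset:+.6f} s, delay {delay:.6f} s")
```

With symmetric 20 ms paths the client recovers the 1.000 s offset exactly; if the return path were slower than the forward path, the error in the offset would be half the asymmetry, which the formula cannot detect. That limitation, not the arithmetic, is why a router should prefer a nearby, well-connected server and why the chapter's AR1 serves the LAN itself instead of having every device reach the Internet.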

16.3.5 Configure NTP

There are many time servers on the Internet; for example, Alibaba Cloud provides seven NTP time servers (Internet time synchronization servers) with the following domain names.

ntp1.aliyun.com
ntp2.aliyun.com
ntp3.aliyun.com
ntp4.aliyun.com
ntp5.aliyun.com
ntp6.aliyun.com
ntp7.aliyun.com

The following is a simple experiment to demonstrate how to configure the NTP protocol on a Huawei network device. Figure 16.10 shows the configuration environment for the experiment.

Fig. 16.10 NTP configuration environment

In the network environment shown in Fig. 16.10, AR1 is connected to the Internet as the gateway router of the enterprise and has applied for public network IP address 202.108.0.1/30 through the ISP. AR1 uses the unicast client-server mode of NTP to synchronize with Alibaba cloud time server through the public network. Meanwhile, as the clock source (NTP time server) inside the enterprise network, it still uses the unicast client-server mode of NTP, synchronizing with the time of other network devices in the enterprise. For other network devices in the enterprise, only one router, AR2, is given in this case, and it is used as the NTP client.

In the unicast client-server mode, the clock information can only be synchronized by the client with the server, and the server will not actively synchronize with the client. For a device like AR1 that also needs to function as a local network NTP time server, only after its own clock has been synchronized can it act as an NTP time server to synchronize other devices; and also, only when the server’s stratum is smaller than the client’s, the client will synchronize with it.

When using the unicast client-server mode of NTP, the administrator needs to configure the master clock on the NTP time server, using the system view command ntp-service refclock-master [ip-address] [stratum]. The administrator also needs to use the system view command ntp-service unicast-server ip-address on the NTP client to specify the IP address of the NTP time server, so that the client can synchronize with the server.

In order to configure the synchronization with Alibaba cloud time server on AR1, in this case, ntp1.aliyun.com is chosen as the time server, whose address is 120.25.115.20. Make sure that AR1 has been configured with the interface address and route, and can access the Internet.

[AR1]ntp-service unicast-server 120.25.115.20
[AR1]ntp-service refclock-master

In the above, “ntp-service unicast-server 120.25.115.20” is a system view command to specify the IP address of the NTP time server in the unicast client-server mode of NTP. In this case, AR1 wants to synchronize the clock with Alibaba cloud time server, so the IP address is set to 120.25.115.20.

The command “ntp-service refclock-master” is a system view command to configure the master clock on the NTP time server. In this case, AR1 not only acts as an NTP client that synchronizes clock information from the Alibaba Cloud time server, but also functions as an NTP time server in the enterprise that provides clock information to other network devices, so the administrator uses this command to set the local clock of the router as the master clock. This command can also set the stratum. In this case AR1 obtains its clock information from an external clock source, so the stratum does not have to be specified manually here.

Check the NTP status on AR1.

<AR1>display ntp-service status
 clock status: synchronized
 clock stratum: 3
 reference clock ID: 120.25.115.20
 nominal frequency: 100.0000 Hz
 actual frequency: 100.0000 Hz
 clock precision: 2^17
 clock offset: -28799204.0460 ms
 root delay: 111.35 ms
 root dispersion: 7.22 ms
 peer dispersion: 1.02 ms
 reference time: 11:10:10.292 UTC Mar 19 2020(E21DD192.4AD86EC1)

The “display ntp-service status” command shows the NTP status on the router. From the above output, we can see that the clock status on AR1 is synchronized (clock status: synchronized), the stratum is 3 (clock stratum: 3), and the reference clock ID is 120.25.115.20, which is the NTP time server manually specified by the administrator.

Since AR1’s own clock has been synchronized, it now meets the prerequisite for becoming an NTP time server. Next, configure its NTP client AR2.

[AR2]ntp-service unicast-server 192.168.11.1

Check the NTP status on AR2.

[AR2]display ntp-service status
 clock status: synchronized
 clock stratum: 4
 reference clock ID: 192.168.11.1
 nominal frequency: 100.0000 Hz
 actual frequency: 100.0000 Hz
 clock precision: 2^17
 clock offset: -28799747.5500 ms
 root delay: 332.64 ms
 root dispersion: 0.65 ms
 peer dispersion: 304.50 ms
 reference time: 22:30:56.086 UTC Mar 19 2020(E21E7120.16096787)
[AR2]

As you can see from the above output, the clock status on AR2 is synchronized (clock status: synchronized), the stratum is 4 (clock stratum: 4), one greater than that of AR1, and the reference clock ID is 192.168.11.1.

On the router, the administrator can also use the display ntp-service session command to view the status statistics of the NTP session. In an environment of the unicast client-server mode of NTP, all NTP sessions are manually added.

[AR2]display ntp-service sessions
       source          reference        stra reach poll  now offset  delay  disper
***************************************************************
[12345]192.168.11.1    120.25.115.20    3    63    64    -   -8h     111.0  1.0
note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured, 6 vpn-instance

The output of the display ntp-service sessions command shows that there is one NTP session on AR2. The source of this NTP session is 192.168.11.1, the reference clock is 120.25.115.20, and the stratum is 3.
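As an added operations check that is not part of the textbook, the following Python script parses the display ntp-service status output shown above and verifies the three things the text tells the administrator to look for: the clock is synchronized, the reference clock ID is the configured unicast-server, and the stratum is a valid synchronized value. It also confirms that the client (AR2) sits one stratum below its server (AR1). The sample outputs are constructed from the AR1 and AR2 listings above (abridged); the function names are assumptions.

```python
# Constructed sample input: abridged "display ntp-service status" output from
# AR1 (synchronized to 120.25.115.20) and AR2 (synchronized to AR1, 192.168.11.1).
AR1_STATUS = """clock status: synchronized
clock stratum: 3
reference clock ID: 120.25.115.20
clock offset: -28799204.0460 ms
root delay: 111.35 ms
root dispersion: 7.22 ms
peer dispersion: 1.02 ms
reference time: 11:10:10.292 UTC Mar 19 2020(E21DD192.4AD86EC1)"""

AR2_STATUS = """clock status: synchronized
clock stratum: 4
reference clock ID: 192.168.11.1
clock offset: -28799747.5500 ms
root delay: 332.64 ms
root dispersion: 0.65 ms
peer dispersion: 304.50 ms
reference time: 22:30:56.086 UTC Mar 19 2020(E21E7120.16096787)"""


def parse_ntp_status(text):
    """Map each 'key: value' line to a dict, splitting on the first colon only
    so the colons inside the 'reference time' value are preserved."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def check_ntp_client(status_text, expected_server, max_stratum=15):
    """Return a list of findings; an empty list means the client looks healthy."""
    st = parse_ntp_status(status_text)
    findings = []
    if st.get("clock status") != "synchronized":
        findings.append("clock status is %s" % st.get("clock status"))
    if st.get("reference clock ID") != expected_server:
        findings.append("reference clock %s differs from configured server %s"
                        % (st.get("reference clock ID"), expected_server))
    stratum = int(st.get("clock stratum", "16"))  # 16 = unsynchronized
    if not 1 <= stratum <= max_stratum:
        findings.append("stratum %d is not a valid synchronized stratum" % stratum)
    return findings


def stratum_consistent(server_text, client_text):
    """A client that synchronizes to a server ends up exactly one stratum below it
    (AR2 at stratum 4 behind AR1 at stratum 3)."""
    server = int(parse_ntp_status(server_text)["clock stratum"])
    client = int(parse_ntp_status(client_text)["clock stratum"])
    return client == server + 1
```

Running check_ntp_client on the AR1 output with 120.25.115.20 and on the AR2 output with 192.168.11.1 returns no findings; pointing AR2 at the wrong expected server reports the reference clock mismatch.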

16.4 Exercises

  1. Which of the following SNMP messages is sent from the agent on the managed device to the NMS? ( )

     A. Get NextRequest
     B. Get Request
     C. Set Request
     D. Response

  2. Which of the following versions of SNMP protocol supports the encryption feature? ( )

     A. SNMPv2c
     B. SNMPv3
     C. SNMPv2
     D. SNMPv1

  3. The management station manages network devices through the SNMP protocol. Which SNMP message will the network management station receive when an exception occurs in the managed device? ( )

     A. Get Response message
     B. Trap message
     C. Set Request message
     D. Get Request message

  4. In the SNMP protocol, which port number does the agent process use to send alarm messages to the NMS? ( )

     A. 163
     B. 161
     C. 162
     D. 164

  5. The following ACL is applied in SNMP. Which of the following statements is incorrect? ( )

     acl number 2000
      rule 5 permit source 192.168.1.2 0
      rule 10 permit source 192.168.1.3 0
      rule 15 permit source 192.168.1.4 0

     A. The device whose IP address is 192.168.1.5 can use the SNMP service
     B. The device whose IP address is 192.168.1.3 can use the SNMP service
     C. The device whose IP address is 192.168.1.4 can use the SNMP service
     D. The device whose IP address is 192.168.1.2 can use the SNMP service

  6. SNMP messages are carried by TCP. ( )

     A. Correct
     B. Incorrect

  7. Illustrate the five major functions of network management defined by OSI.

  8. Which four parts does the SNMP system consist of?