Network Monitoring?


What is Network Monitoring?

Network monitoring is a segment of network management. It is the use of a supplemental system that constantly monitors a network environment for failing or slowed-down components. A network monitoring tool notifies a system administrator of an issue through the platform's own interface, email, and other methods of communicating an alarm in the system.

What is SNMP?

SNMP stands for Simple Network Management Protocol. SNMP is an application-layer protocol that helps monitor and manage network environments. Its purpose is to provide a standardized language for communicating management information across devices within a Local Area Network. A majority of the devices we use today use SNMP, ranging from your home Wi-Fi router to a laser printer in the office.

SNMP is broken down into four different sections:

1. SNMP Agent: The SNMP agent is either a combination of software and hardware, or simply software, that is placed inside a device. Typically, most systems have a default operating system that behaves similarly to an agent by running a process.

2. Managed Devices/Resources: The managed devices/resources are the collection of devices that SNMP is connected to and gathers data from.

3. SNMP Manager: Also known as the management station, the SNMP manager handles and receives SNMP requests in addition to device information within your network. The SNMP manager translates the data received into charts and graphs to simplify analyzing the data. The

4. Management Information Base (MIB): The MIB is the location where the SNMP pools all of the data collected.

What is a Simple Network Management Protocol (SNMP) Trap?

Simple Network Management Protocol traps, also referred to as trap-directed notifications, enable efficient management of a high number of devices in your network. A Management Information Base is not suitable for polling and requesting information from a large number of devices. Thus, trap-directed notifications enable every agent on each managed device to send a notification to the MIB. In short, SNMP traps are a tool that saves a significant amount of network resources by reducing the need for SNMP requests.

Indeni provides several solutions for SNMP trap issues. Below are a few examples:

SNMP traps enabled settings do not match across cluster members for Check Point

SNMP trap receivers’ settings do not match across cluster members for Check Point

Indeni will identify when two devices are part of a cluster and alert if the SNMP settings do not match. Without Indeni, an administrator would have to log in and manually run the command.

What is a Virtual Private Network?

A Virtual Private Network, often referred to as a VPN, is a tool that provides an encrypted internet connection between a device and the network it is accessing. All traffic that passes through a VPN is kept private by channeling it through what is known as a tunnel. There are two types of VPN. Secure remote access enables a device to connect to a specific network other than the one it is located in. It gives organizations the benefit of granting access to a network even if the employee is travelling or working from home. A site-to-site VPN forms a connection across different corporate branches that are unable to use a direct network connection between their locations.

How to do VPN troubleshooting

Typically, an administrator will not discover that a VPN is down until a user reports an issue. Once the issue is identified, and one or more VPN tunnels are down, the administrator has to manually run commands via an SSH or HTTPS connection to get more information on the issue. Listed below are a series of steps to take to resolve a VPN tunnel issue:

1. Check the following for a possible root cause:

– What is the status of the remote peer? Is it up or down?
– Verify that Phase I and Phase II configuration matches on each end.
– Ensure that there is a policy in place that enables the flow of traffic.
– Are there any NAT issues?
– Check the Encryption Domain
– Scroll through firewall logs

To remediate the issue, and take a proactive approach to troubleshooting a VPN network, Indeni features notifications for when VPN tunnels are down. Below is a selection of notifications/alerts Indeni sends out:

VPN tunnel(s) down for Juniper
Permanent/Monitored VPN Tunnel(s) down for Check Point
VPN Dropping Packets for Palo Alto due to decryption issues

What is OSPF?

Open Shortest Path First (OSPF) is an efficient link-state interior gateway protocol. Once a router that is running OSPF is online, it sends hello packets. Hello packets are how routers identify neighbors and provide link-state information and link-state advertisements (LSAs), ensuring that communication between two given devices is mutual. To keep the protocol scalable, OSPF uses a DR (and BDR), which generate LSAs and perform database exchanges between neighboring routers. The purpose of synchronizing databases between adjacent devices is to avoid routing loops caused by out-of-sync databases. OSPF also uses areas to minimize the number of link-state advertisements and encapsulate routes.

How to troubleshoot OSPF

– Review the cause of the neighbors being down

– Identify the issue by checking:
  – Is there an L2/L3 connectivity issue?
  – Is OSPF not enabled on the interface?
  – Is the interface defined as “passive”?
  – Is there a mismatched subnet mask?
  – Is there a mismatched hello/dead interval?
  – Is there a mismatched authentication key or area ID?
  – Is there a mismatched transit/stub/Not-So-Stubby Area (NSSA) option?

– Check the OSPF configuration

– Use these commands in order to check the OSPF configuration (subnet, hello/dead interval, area ID, area type, authentication key (if any), and not-passive), and ensure that it matches on both sides:

show run ospf
show ip ospf PID Interface
show ip ospf PID

– Troubleshooting OSPF states:

  – Neighbor stuck in Initialization state, caused by:
    – One side blocking the hello packet with an ACL
    – One side translating with NAT
    – Multicast capability of one side is broken

  – OSPF neighbor stuck in Two-Way state:
    – OSPF priority set to equal zero

  – OSPF neighbor stuck in Exstart/Exchange:
    – MTU mismatch
    – Neighbor Router ID (RID) is the same as its neighbor's
    – ACL blocking unicast – after the two-way state, OSPF sends unicast packets

  – OSPF neighbor stuck in Loading state
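
The configuration checks and stuck-state causes listed above can be run as a side-by-side comparison of the two routers' settings. The following is an added example, not part of the original page and not Indeni's code; the field names and sample values are constructed, and flagging priority zero only when both sides have it is an assumption.

```python
from ipaddress import ip_interface

# Constructed sample data: OSPF settings for the two ends of one link.
# Field names are assumptions for this example, not router CLI output.
R1 = {"router_id": "1.1.1.1", "address": "10.0.12.1/30", "area": "0",
      "area_type": "transit", "hello": 10, "dead": 40, "auth_key": "k1",
      "passive": False, "mtu": 1500, "priority": 1}
R2 = {"router_id": "2.2.2.2", "address": "10.0.12.2/29", "area": "0",
      "area_type": "transit", "hello": 10, "dead": 40, "auth_key": "k1",
      "passive": False, "mtu": 1400, "priority": 1}

# Settings the page says must match on both sides.
MUST_MATCH = ("area", "area_type", "hello", "dead", "auth_key")


def check_adjacency(a, b):
    """Return (symptom, finding) tuples for one OSPF link."""
    findings = []
    for side, cfg in (("A", a), ("B", b)):
        if cfg["passive"]:
            findings.append(("neighbor down", f"side {side} interface is passive"))
    for field in MUST_MATCH:
        # Only the field name is reported, so a key value never reaches a log.
        if a[field] != b[field]:
            findings.append(("neighbor down", f"{field} mismatch"))
    net_a = ip_interface(a["address"]).network
    net_b = ip_interface(b["address"]).network
    if net_a != net_b:
        findings.append(("neighbor down", f"subnet mismatch: {net_a} vs {net_b}"))
    # Assumption: flagged only when both ends have priority zero.
    if a["priority"] == 0 and b["priority"] == 0:
        findings.append(("stuck in two-way", "priority is zero on both sides"))
    if a["mtu"] != b["mtu"]:
        findings.append(("stuck in exstart/exchange", "MTU mismatch"))
    if a["router_id"] == b["router_id"]:
        findings.append(("stuck in exstart/exchange", "duplicate router ID"))
    return findings


if __name__ == "__main__":
    for symptom, finding in check_adjacency(R1, R2):
        print(f"{symptom}: {finding}")
```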

What is BGP?

BGP stands for Border Gateway Protocol. It is an application-layer path vector protocol that manages the routing of packets on the internet by exchanging routing and reachability information between autonomous systems. BGP channels packets across networks that are managed by a single organization or ISP through TCP. BGP is often mistaken for OSPF, or vice versa. However, there is an important distinction between the two: BGP uses path vector routing, whereas OSPF uses link-state routing.