Chapter Summary

FCAPS is the acronym for a model of network management and consists of five levels: fault management, configuration, accounting, performance, and security.

At the fault management level, network problems are found and corrected and potential future problems are identified and prevented, minimizing network downtime.

At the configuration management level, the operation and configuration of the network are monitored and controlled. Hardware and software changes and updates, such as new equipment configurations and software patches, are coordinated together with a back-out plan. If anything goes wrong during a hardware or software update, the back-out plan provides an "undo" function. Configuration management also provides for an inventory of network hardware and software, including spare equipment.

At the accounting management level, network resources are distributed appropriately among network users, making the most effective use of the network and minimizing network costs by not maintaining more network bandwidth than is necessary. The accounting management level is also responsible for ensuring that organizations, departments, or end users are billed correctly and appropriately for their network usage.

The performance management level involves the overall performance of the network. Performance is a measurement of several variables, including, but not limited to, network uptime, available bandwidth, maximum throughput per user, average bandwidth per user, and average bandwidth per protocol. The goal of performance management is to minimize network bottlenecks, or choke points, where users can experience network slowdowns resulting in poor application performance. Performance management also provides a method to identify and analyze improvements that might exist, now or in the future, that will provide the best overall network performance.

The security management level protects network resources and users from the following: outside intruders (such as malicious hackers), unauthorized users (internal or external), and physical or electronic sabotage. Security management also involves the confidentiality and integrity of user information. The security systems enable network managers to control what authorized users can (and cannot) do within the network and its systems.

The Simple Network Management Protocol, or SNMP, is a widely used network management and monitoring protocol. Network management and monitoring data is passed from SNMP agents to the network management console overseeing the network. An SNMP agent is a hardware or software process that resides in each network device, such as a router or switch, and reports on its activities. The network management consoles are often located in network operations centers, or NOCs. The SNMP agents send information contained in a Management Information Base, or MIB, back to the SNMP manager. The MIB is a data structure defining what data can be collected from the device and what can be managed, such as turning a router or switch port interface on or off.

SNMPv1 provides basic information regarding the managed device, such as "Is the device up or down?"

SNMPv2 provides enhancements to SNMPv1 such as security and an RMON MIB. The RMON MIB provides continuous feedback from the managed device without having to be queried by the SNMP management console.

SNMPv3 builds on the enhancements of SNMPv2 by adding a security component to the data being sent back to the network management console.

RMON provides extensions to SNMP, providing more in-depth network monitoring capabilities. With SNMP, the management station queries the network devices for information; RMON is proactive and can set alarms based on traffic conditions, such as network errors or failures. RMON2 can monitor the application traffic flowing through the network and provide information regarding this traffic. Devices can generate traps without a specific query issued from a management station, even without RMON.
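The alarm behaviour described above can be sketched in code. This is an added example, not taken from the chapter: a simplified model of RMON-style rising and falling thresholds applied to per-interval deltas of an error counter. It goes slightly beyond the summary by showing the hysteresis between the two thresholds and 32-bit counter wrap; the function name, threshold values, and sample readings are constructed for illustration.

```python
MOD32 = 2 ** 32  # Counter32 objects wrap to 0 after 2**32 - 1


def evaluate_alarm(counters, rising, falling):
    """Apply RMON-style rising/falling thresholds to successive counter samples.

    Returns a list of (sample_index, event, delta). After a rising event, no
    further rising event fires until the delta has dropped to the falling
    threshold, and vice versa, so a sustained fault raises one alarm, not many.
    """
    events = []
    # Assumption: only a rising alarm may fire first (the startup behaviour is
    # configurable on real probes).
    can_rise, can_fall = True, False
    for i in range(1, len(counters)):
        # Delta sampling, corrected for 32-bit counter wrap.
        delta = (counters[i] - counters[i - 1]) % MOD32
        if delta >= rising and can_rise:
            events.append((i, "rising", delta))
            can_rise, can_fall = False, True
        elif delta <= falling and can_fall:
            events.append((i, "falling", delta))
            can_rise, can_fall = True, False
    return events


# Constructed readings of an interface error counter, one per sample interval.
ERROR_SAMPLES = [100, 102, 103, 160, 230, 300, 302, 303, 350, 352]
# Constructed readings that cross the 32-bit wrap point.
WRAP_SAMPLES = [4294967290, 4294967295, 60]

if __name__ == "__main__":
    for idx, event, delta in evaluate_alarm(ERROR_SAMPLES, rising=50, falling=5):
        print(f"sample {idx}: {event} alarm, {delta} errors in interval")
    print(evaluate_alarm(WRAP_SAMPLES, rising=50, falling=5))
```

The three consecutive high intervals in the first sample set produce a single rising alarm, which is what keeps a management console from being flooded during a sustained fault.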

SPAN, sometimes called port mirroring or port monitoring, copies switch network traffic and forwards the frames out the SPAN port for analysis by a network analyzer or probe. With SPAN you can monitor an individual switch port, multiple ports on the local switch, local traffic for a single VLAN, or local traffic for multiple VLANs. With SPAN you cannot monitor traffic from a remote switch, such as a switch on the other side of a trunk link; SPAN enables you to monitor only traffic on the local switch.