Network Management Fundamentals are a core part of the SolarWinds
Certified Professional (SCP) program.
Knowledge of protocols such as ICMP, SNMP, SNMP traps, Syslog, and WMI
is an important part of both your job as a network engineer or network
manager and of the certification program, and you really need to
understand them.
Not only should you know
the details of these protocols, but you'll need in-depth knowledge of
how they work, including things like MIBs, OIDs, and performance counters.
There are two main types of network management protocols to be aware of, and as you
study each protocol, be aware of the type that that protocol is, so you can think
about how it works and its advantages and disadvantages. The two types are
query-based, meaning that the NMS asks a question
and waits for a response,
and event-based, where the NMS simply listens for an announcement.
A query-based network management protocol
has several advantages and disadvantages to weigh when you decide whether
to use it.
First of all, since it's query-based
and the NMS is asking a question,
even if you receive no response, that still indicates an issue, because the
fact you didn't receive a response is an indicator there may be a problem on the
network.
Query-based or polling-based network management protocols
can also be scheduled:
they can be sent out on a more frequent or less frequent basis depending upon your
needs for data collection, so they can be very low impact to the network.
Now in Orion Network Performance Monitor or Orion NPM,
the defaults for these things are two minutes
for query-based polls for status
and nine minutes for query-based polls for statistics.
Event-based network management protocols work very differently. In an
event-based system, the network management system simply sits and listens passively
for announcements or events to be sent over the wire.
Typically network management protocols that leverage these types of events are
syslog-based and SNMP-trap-based.
Now they're controllable in terms of the amount of detail you want to receive
from the events. So for instance on a Cisco router, debugging detail is a very, very
large amount of detail - the most detail you can get actually.
They are also very, very fast.
In other words, event-based applications are able to listen and react as soon as
a problem occurs. Let me give you an example:
if you're polling the router for status of an interface every five minutes,
then reliably every five minutes you know for certain
that interface is up.
Because when you poll the router you receive a positive affirmation from the
device, via the query language, typically SNMP,
that the interface is up and operational,
and if you get no response at all, you know there's a problem.
The downside is that if you are polling every five minutes and moments after
your most recent poll the interface goes down,
you wouldn't know for almost five more minutes. Whereas, in an event-based system,
sending SNMP traps or syslog,
you would know instantly.
Now the downside of event-based network management protocols
is they're unreliable. Because the NMS simply sits and listens passively
for these events,
it doesn't know what it doesn't know.
If there's a network issue that prevents a syslog or trap from getting to the NMS,
the NMS is unaware of the problem without doing polling.
Best practices state you should use both
polling-based or query-based
and event-based network management protocols as a part of your network management system
and all the infrastructure you deploy.
You'll also want to build and leverage
alerts and reports
so you're notified when issues occur, whether it's a polling-based
detection or an event-based detection, and use your reports, which provide you with
lots of detail on performance over time and on availability issues.
Now also remember to set the event granularity
and the polling frequency - tune these things for your specific environment
as best practices can vary based upon the type of topology you have, available
bandwidth and resources, and your need for the immediacy of notification of issues.
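
The trade-off described above, worked through as an added example that is not part of the original video: it models when an NMS learns of an interface outage from a trap versus from the next poll, and goes slightly beyond the spoken example by also covering an outage that starts and ends between two polls. The function names, the outage times and the set of lost traps are all constructed for illustration.

```python
def next_poll(t, interval):
    """Time of the first poll strictly after t (polls run at 0, interval, 2*interval, ...)."""
    return (t // interval + 1) * interval


def detect(outages, poll_interval, lost_traps=frozenset()):
    """Return (detected_at, source) for each (down_at, up_at) outage, in seconds.

    Event-based: the device sends a trap at down_at and the NMS sees it at
    once, unless the outage's index is in lost_traps (a constructed stand-in
    for a network issue that keeps the trap from reaching the NMS).
    Query-based: a poll notices the outage only if it runs while the
    interface is still down; a 'down' answer and no answer both count.
    """
    results = []
    for i, (down_at, up_at) in enumerate(outages):
        trap_at = None if i in lost_traps else down_at
        poll_at = next_poll(down_at, poll_interval)
        if poll_at >= up_at:          # interface recovered before the next poll
            poll_at = None
        if trap_at is not None:
            results.append((trap_at, "trap"))
        elif poll_at is not None:
            results.append((poll_at, "poll"))
        else:
            results.append((None, "missed"))
    return results


# Constructed sample: a long outage starting one second after the poll at
# t=300, and a 40-second flap that falls entirely between two polls.
SAMPLE_OUTAGES = [(301, 2000), (610, 650)]

if __name__ == "__main__":
    for label, lost in (("traps delivered", set()), ("traps lost", {0, 1})):
        print(label)
        for outage, (seen, source) in zip(SAMPLE_OUTAGES,
                                          detect(SAMPLE_OUTAGES, 300, lost)):
            print(f"  outage {outage}: detected at {seen} via {source}")
```

With five-minute polling and the traps lost, the long outage is caught 299 seconds late and the short flap is never seen, which is the reason for running both kinds of protocol.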