
Open Network Administrator (ona)


Presentation Transcript


  1. Open Network Administrator (ona) Presented by Bruce Campbell

  2. Ona overview
     • Web based network management tool
     • Administrators interact with ona over the web
     • Ona interacts with network devices.
     • Device configurations, permissions, etc. stored in MySQL database.
     WatITis | Supporting UW’s Mission Through I.T. | December 7, 2004 | Open Network Administrator

  3. Ona overview (diagram: ona users, ona, database; switch, switch, router, AP, etc.)

  4. Without ona (diagram: network staff; switch, switch, router, AP, etc.)

  5. Ona key features
     • Provides a common interface to a number of different makes and models of switches.
     • Supports delegation through granular access control.
     • Logs all changes
     • Traffic graphs
     • Saves switch configurations to tftp server
     • E-mails a daily summary of changes and diff report.
     • IP/MAC search
     • Extensible – if you can think it, you can build it… or ask me to build it.

  6. Some details
     • Approximately 10,000 lines of PHP
     • Uses net_snmp library (formerly ucd-snmp)
     • Uses snmp primarily, and telnet for some functions I could not figure out via snmp.
     • Platform independent
     • Currently hosted on 2.4GHz PC running FreeBSD, Apache web server, .htaccess authentication to ADS and Nexus.
     • Telnet script features written using PHP socket library.
     • Supports Nortel Baystack, Extreme, Cisco 2900/3500, Cisco 2950/3550, Avaya AP. Limited support for Cisco 1900 and Enterasys AP.

  7. Use at UW
     • Used by Arts, CS, Engineering, Math, Science to (help) manage approximately 250 switches and 150 APs.
     • Most visible use is “day to day” activities, i.e. configure port speed, duplex, vlan, find a machine, etc.
     • Behind the scenes, ona saves configs, cvs config, graphs traffic, sends alerts upon device up/down/reboot, equipment inventory, tracks ARP/MAC changes, daily report, etc.

  8. End user features
     • Ona has some features for end users
     • Whereami (works on switch port or AP). Shows port configuration, traffic graph.
     • Java bandwidth test (complete with java nuances)

  9. Intro screen

  10. MAC/IP search
     • Ona queries router ARP tables 5 times daily.
     • Queries switch MAC tables 5 times daily. (takes 30-40 minutes for 250 switches)
     • Queries AP MAC tables every 5 minutes. (30 seconds for 150 APs)
     • Everything goes in the database… forever. And everything is logged.
     • Search tools consult the database (i.e. not a real time search of device MAC tables)
     • Button for real time update of the MAC table from a switch or AP (one at a time only).
     • Real time AP MAC search
     • Future: smartsearch will track down a MAC from a starting point using some cleverness to avoid searching all switches.

  11. Search tool

  12. History part of search tool

  13. Traffic Graphs
     • Maintained on all ports with rrdtool, 5 minute interval.
     • Also track number of wireless users on each AP, and total for APs for each orgunit.
     • Real time graphs. Port or switch, 10 second update. Useful for getting a snapshot of activity.
     • TopPorts button shows busiest ports in last 20 seconds.

  14. Port graphs (5 graphs of various intervals)

  15. Switch configurations
     • Switch configs saved to tftp server each night
     • Can be pushed to alternate tftp or ftp servers as well
     • Can create a tar ball of configs for automated download to a network admin's laptop (instructions included for cygwin procedure and scheduled tasks). Who gets what is configurable.
     • Difference from yesterday's config e-mailed in daily report (minus sensitive information)

  16. Switch config view

  17. CVS
     • Switch configurations stored in cvs server (plain text configs only)
     • Makes for easy comparison between arbitrary dates, going back to an old version.
     • Two cvs trees. One with real configs, one with configs minus sensitive info (passwords etc). Latter available via cvsweb to ona admins.

  18. Cvsweb diff between versions

  19. Daily report
     • Admin changes
     • Port changes
     • Diff report
     • Summary of alerts
     • Sent to relevant ona users only, i.e. Math guys don’t get the Arts report.

  20. Daily report

  21. telnet feature
     • Separately enabled
     • Allows batch telnet commands to devices which support a command line interface
     • After a telnet command is issued, switch can be optionally “Sync’ed”, next time someone accesses it.
     • Option to send telnet commands in daily report or not, and to trigger saving the config.

  22. telnet window

  23. Vlan conversion tool (part of telnet window if Cisco switch and all ports on vlan 1)

  24. Access control
     • Done through groups
     • Each admin and device has a primary group.
     • Admins and devices can be added to further groups.
     • Ports can be added to groups
     • Vlans are members of groups.
     • To edit a port, an admin must have a group in common with the port or switch.
     • Use of regular expressions simplifies listing which switches are in which groups.
     • To put a port on a vlan, the admin must have a group in common with that vlan.
     • To edit a trunk, an admin must not have “denytrunkchanges” setting, and must have permission on all vlans on the trunk.

  25. Device groups window

  26. More access control
     • All tools (buttons) can be selectively disabled, or all disabled and some selectively re-enabled.
     • The ability to set port settings can be similarly restricted.
     • For example, can give permission to Search only, and disable/enable port only.

  27. Administrative interface
     • Typically one ona user per faculty is an ona administrator.
     • They can add switches, users, configure permissions.
     • Cannot delete other admins, or create more admins, depending on settings.

  28. Admin interface

  29. Admins table (note systemadmin setting)

  30. Adding a device
     • Add ipname, make, devicetype (switch, router or ap), telnet and snmp passwords.
     • The passwords are encrypted in the ona database
     • First attempt to access newly added device will force a “Sync”.

  31. Device add window

  32. Few other odds and ends
     • When a port is disabled, an optional message can be entered which is sent to the DNS contact, admin.
     • When a vlan is created, it is named based on UW convention.
     • Comment field for each port (stored in database, not the same as port description)
     • Configuration translator

  33. Configuration translator (converts port settings between vendors)

  34. See ?

  35. Main Screen (note sort buttons)

  36. Sorted by version (example)

  37. Switch screen example 1

  38. Printable version

  39. Some buttons
     • Sync : pull config from switch into ona (done daily automatically)
     • Freshen : pull port states only (happens automatically if over an hour since last time)
     • Save : save settings to NVRAM (ona does this automatically if changes are made and not saved, once per day)
     • UpdateMacs : pull MAC table (done 5 times daily automatically, typically)

  40. Switch screen example 2 (note trunks)

  41. Showing MACs on a trunk (note show naa users button)

  42. Ping tool

  43. TopPorts tool

  44. Alerts (e-mailed also)

  45. Showing changes on a switch

  46. Port edit screen (note save now vs. later)

  47. Port edit screen (trunk)

  48. Access Point view (note 1 AP down). Users column is MACs seen in last 24 hours

  49. Usage graphs part of AP view

  50. Single AP view
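
The group rules on the "Access control" slide (slide 24) can be written as three checks. This is an added example, not ona's own PHP code; the switch names, group patterns and VLAN table are constructed, and requiring port-edit permission before a VLAN or trunk change is an assumption.

```python
import re
from dataclasses import dataclass, field

@dataclass
class Admin:
    groups: set                       # primary group plus any further groups
    deny_trunk_changes: bool = False  # the slide's "denytrunkchanges" setting

@dataclass
class Switch:
    name: str
    groups: set
    port_groups: dict = field(default_factory=dict)  # port number -> groups

# Constructed data: regex rules placing switches in groups, and VLAN groups.
SWITCH_RULES = {"math": r"mc-sw\d+", "arts": r"(hh|ml)-sw\d+"}
VLAN_GROUPS = {10: {"math"}, 20: {"arts"}, 30: {"math", "arts"}}

def make_switch(name, primary_group):
    """Primary group plus every group whose pattern matches the whole name.

    fullmatch() is used so an unanchored pattern cannot pull in a switch
    whose name merely contains a matching substring.
    """
    groups = {primary_group}
    groups |= {g for g, pat in SWITCH_RULES.items() if re.fullmatch(pat, name)}
    return Switch(name, groups)

def can_edit_port(admin, switch, port):
    # A group in common with the port or with the switch is enough.
    targets = switch.groups | switch.port_groups.get(port, set())
    return bool(admin.groups & targets)

def can_set_vlan(admin, switch, port, vlan):
    # Unknown VLANs have no groups, so the check fails closed.
    return (can_edit_port(admin, switch, port)
            and bool(admin.groups & VLAN_GROUPS.get(vlan, set())))

def can_edit_trunk(admin, switch, port, trunk_vlans):
    if admin.deny_trunk_changes:
        return False
    # Permission is required on every VLAN the trunk carries, not just one.
    return (can_edit_port(admin, switch, port)
            and all(admin.groups & VLAN_GROUPS.get(v, set()) for v in trunk_vlans))
```
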
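
The "minus sensitive information" diff from the switch configuration, CVS and daily report slides (15, 17, 19), sketched as an added example that is not ona's own code. The secret-bearing line patterns assume Cisco IOS-style syntax, and the two configurations are constructed.

```python
import difflib
import re

# Assumed Cisco IOS-style lines that carry secrets; other vendors need their own.
# The optional single digit is the password type and applies to passwords only,
# so a numeric SNMP community string is still treated as the secret.
_KEYWORDS = (r"(?:enable (?:secret|password)"
             r"|username \S+ (?:privilege \d+ )?(?:password|secret)"
             r"|password)(?: \d)?"
             r"|snmp-server community")
SECRET_LINE = re.compile(rf"^(\s*(?:{_KEYWORDS}) )(\S+)(.*)$")

def redact(config_text):
    """Return (redacted_text, secrets) for one saved configuration."""
    out, secrets = [], []
    for line in config_text.splitlines():
        m = SECRET_LINE.match(line)
        if m:
            secrets.append(m.group(2))
            line = f"{m.group(1)}<removed>{m.group(3)}"
        out.append(line)
    return "\n".join(out), secrets

def report_diff(old_text, new_text):
    """Diff for the e-mailed report, built only from redacted text."""
    old_red, old_sec = redact(old_text)
    new_red, new_sec = redact(new_text)
    diff = list(difflib.unified_diff(old_red.splitlines(), new_red.splitlines(),
                                     "yesterday", "today", lineterm="", n=0))
    # A changed secret leaves the redacted text identical, so flag it separately
    # without printing either value.
    if old_sec != new_sec:
        diff.append("! a redacted credential changed")
    return diff

# Constructed sample configurations.
YESTERDAY = """hostname sw-example
enable secret 5 $1$aaaa$CONSTRUCTEDHASH1
snmp-server community oldcommunity RO
interface FastEthernet0/1
 switchport access vlan 10
line vty 0 4
 password 7 0000CONSTRUCTED
"""
TODAY = YESTERDAY.replace("vlan 10", "vlan 20").replace("oldcommunity", "newcommunity")
```

Redacting before diffing keeps secrets out of both the e-mail and the browsable tree, but it also hides credential changes, which is why the example reports them as a separate flag.
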
