navfeatures

Differences

This shows you the differences between two versions of the page.

navfeatures [2007/06/11 10:36]
morten inline the model image
navfeatures [2012/05/08 07:38] (current)
morten typo
Line 1: Line 1:
 +====== NAV features at a glance ======
  
-====== Introduction ​======+ 
 +===== Introduction =====
 Network Administration Visualized is an advanced software suite to  Network Administration Visualized is an advanced software suite to 
 monitor large computer networks. It automatically discovers network ​ monitor large computer networks. It automatically discovers network ​
Line 7: Line 9:
 of alert profiles. of alert profiles.
  
-NAV was developed ​at the Norwegian University of Science and Technology  +Development of **NAV** started in 1999 at the [[http://​www.ntnu.no|Norwegian University of Science and Technology]] (NTNU). It originated as a collection of scripts used internally at NTNU's ITEA Network group. In 2001 [[http://​www.uninett.no|UNINETT]] became interested in its development. In 2006 the development of NAV was moved from NTNU to UNINETT. NAV is used at nearly ​all universities and university ​colleges in Norway ​and [[navusers|many places elsewhere]].
-([[http://​www.ntnu.no/|NTNU]]). Development started in 1999. It originated ​ +
-as a collection of scripts used internally at NTNU's ITEA Network group. ​  +
-In 2001 [[http://​www.uninett.no/|UNINETT]] became interested in its development, and has since been funding NAV  +
-development ​at NTNU on behalf ​of all  universities and  colleges in Norway.+
  
 As of 2004 NAV is made freely available under the GNU General Public License. As of 2004 NAV is made freely available under the GNU General Public License.
 NAV runs on a unix platform, software packages are currently available ​ NAV runs on a unix platform, software packages are currently available ​
-for Redhat, ​Debian and FreeBSD.+for Debian, RHEL/​Centos,​ Suse and FreeBSD.
  
  
  
-====== NAV functionality ​======+ 
 + 
 + 
 + 
 +===== NAV functionality =====
 The figure below gives an overview of NAV. As shown, the NAV database is the heart of the system (background processes are on the bottom of the figure, foreground web tools are on the top). The figure below gives an overview of NAV. As shown, the NAV database is the heart of the system (background processes are on the bottom of the figure, foreground web tools are on the top).
  
-{{navmodel.jpg|Plink}}+{{navmodel.png|The NAV model}} 
  
 With reference to the figure, and in summary, NAV contains the following ​ With reference to the figure, and in summary, NAV contains the following ​
 functionality:​ functionality:​
  
-  * A topology ​database ​modeling ​the running network. ​ The interconnection of devices is auto detected.+  * A postgreSQL ​database, [[/​devel:​database|NAVdb]],​ (1) modelling ​the running network.  ​An [[backendprocesses#​ipdevpoll|SNMP collector]] (3) collects data from the network. ​The physical ​interconnection of devices is auto detected, as well as the vlan topology.
  
-  * A status monitor that detects network outages. ​ For severe cases NAV will pinpoint root cause, thus  solving a potential problem ​of information overload  ​(which in turn can decrease the overall downtime).+  * A [[/​backendprocesses#​pping|status monitor]] (3) that detects network outages. ​Both IPv4 and IPv6 are supported. ​For severe cases where many devices are down NAV will try to pinpoint ​the root cause of the problem ​(i.e. distinguishing between devices down and devices ​in shadow)
  
-  * Traffic statistics for all "​intersections"​ in the network; ​ i.e. all router and switch ports. Octet, packet and error  counters are collected, along with CPU and memory statistics ​ (and more). ​NAV also gathers ​statistics ​on serversi.e.  disk usagememory, load etc.+  * [[sortedstats|Traffic statistics]] (2,​20) ​for all "​intersections"​ in the network; ​ i.e. all router and switch ports. Octet, packet and error  counters are collected, along with CPU and memory statistics, temperature sensors ​ (and more). ​Use the [[sortedstats#​ranked_statistics|"​ranked ​statistics"]] (19) to present a list of interfaces with most trafficthe highest error counts, etc. The traffic statistics collection uses [[http://​people.ee.ethz.ch/​~oetiker/​webtools/​rrdtool/​|RRDTool]] and [[http://​cricket.sourceforge.net/​|Cricket]]. NAV automatically builds the Cricket configuration tree for you.
  
-  * Machine ​tracker ​with historical data on the movements of all connected ​machines ​in the network.+  * A [[machinetracker|machine ​tracker]] (12) where you can search for machines and where they currently are connected in the network, or where they have been connected ​earlier. Search for mac addresses, IPv4 or [[ipv6|IPv6]] addresses.  
 +    * A [[macwatch|Mac Watch tool]] that let you set up a watch list for mac addresses that will trigger alarms if watched mac addresses appear on the network.  
 +    * If you use 802.1X authentication ​in the wired or wireless ​network ​(i.e. eduroam), use NAV's radius-base [[radius|usertracker]] (12) to search for authenticated users.
  
-  * A traffic map that displays ​ topology on layer 3 with drill down view of the underlying layer 2 topology. Traffic and router CPU load are shown on the same map.+  * A machine detention tool (11: [[arnold|Arnold]]) lets you detain machines from the network, either by blocking ​the access switch port, or change the vlan to a quarantine vlan. A back-end script that easily integrates with external system can run automated detention jobs.
  
-  * A network ​explorer giving a graphical tree-structured display of the network on layer 2, also showing spanning tree statesYou may for instance search for a particular server ​and the network explorer will expand the relevant switches to show a network trace to the server.+  * A network ​weather map (18, [[/​netmap|Netmap]]) that displays ​the layer 3 and layer 2 topology and current traffic conditionsDropdown menues give detailed information ​and links to the traffic statistics.
  
-  * Reports ​that lists the inventory of routers and switches in the network. Information on software version, equipment type, location etc. Also detailed information of router ​and switch ports with data on IP address ​prefixes, vlans, port speed and duplex etc.+  * A geographical map (18, [[geomap|Geomap]]) ​that shows network ​topology ​and traffic ​on an [[http://​www.openstreetmap.org/​|OpenStreetMap]]. You can view the current traffic conditions or you can step back in time
  
-  * A threshold monitor that gives alarms based on high load / high error rates or severe CPU load etcHysteresis is used as basis for the statefull threshold monitor.+  * A [[networkexplorer|network explorer]] (17) giving a graphical tree-structured display of the network ​on layer 2, also showing spanning tree statesYou may for instance search for a particular server and the network explorer will expand the relevant switches to show a network trace to the server.
  
-  * A service monitor ​that reports on service outages. Support for the most important services; ssh, http, imap, pop, smtp, smb, rpc, dns, dc. Can easily be expanded to support more services.+  * A [[layer2trace|layer 2 traceroute tool]] (16) that traces ​the physical path between two machines in the network
  
-  * A module monitor ​that detects outage ​of switch or router ​componentsi.eindividual switches in switch stack or modules in chassis.+  * [[reporttool|Reports]] (13) that lists the inventory of routers and switches in the network. Information on software version, equipment type, location etc. Also detailed information ​of router ​and switch ports with data on IP address / prefixesvlans, port speed and duplex etcCSV export supportedIncludes ​subnet matrix that gives good overview of your allocated IPv4 and IPv6 prefixes. Also includes an overall downtime report for last month and a report that list unregistered network gear (based on CDP, soon LLDP, discovery).
  
-  * A general event system ​that processes ​all eventsincluding alarms from external systems.+  * An [[ipdeviceinfo|IP Device Info tool]] (15) that serves as a dashboard presenting ​all collected information about a device. For switches and routers this includes a graphical layout of all ports showing link speedduplex, vlan and status. A separate view displays the link history of switch ports thus giving an overview of the switch port utilization ratio.
  
-  * A flexible alert system, where each NAV user can adjust his own profile with fine-grained control options. Currently support ​for email and SMS, can easily be expanded in the future. Profiles can be made to adjust the volume and types of alarms wanted, typically as function of time of day and week+  * A [[devicemanagement|device history tool]] (14) that displays all occurred events ​for a physical device (a given serial number)
  
-  * A message system ​(message of the day) that displays operational messages to IT support staff and end users.+  * A [[backendprocesses#​thresholdmon|threshold monitor]] ​(7) that gives alarms based on high load / high error rates or severe CPU load etc. The threshold monitor is highly configurable through [[thresholdmanager|the Threshold Manager web interface]]. The monitor understand states ​and will prevent alarm flapping by using hysteresis.
  
-  * A logistics system ​(device tracker) that keeps track of the movement of devices from ordering to their end of life.+  * A module monitor ​(5) that detects outage ​of switch or router components, i.e. individual switches in a switch stack or modules in a chassis.
  
-  * A general mechanism for authentication and authorization of NAV usersOn a group level rights can be adjusted for all users of the system.+  * A [[backendprocesses#​servicemon|service monitor]] (6) that reports on service outagesSupport the most important services; ssh, http(s), imap(s), pop, smtp, smb, rpc, dns, smb, dc, rpc, dhcp, ftp, smb, mysql, postresql, oracle, radius. Can easily ​be expanded to support more services. 
 +  
 +  * A general [[backendprocesses#​eventengine|event system]] (8) that processes ​all events, including alarms from external systems. Alarms from external systems are either sent as snmptrap to the NAV [[snmptrapd|snmp trap daemon]] or as email to NAV's [[devel:​blueprints:​mailin|mailin ​system]].
  
 +  * A flexible [[backendprocesses#​alertengine|alert system]] (9), where each NAV user can adjust his own profile (using [[alertprofiles|the tool alert profiles]], 21) with fine-grained control options. Currently support for sending email, SMS and jabber alerts. The profiles can be made to adjust the volume and types/​severities of alarms wanted, this as a function of time and day of the week. 
  
-**Please note** that all statistics are stored using [[http://​people.ee.ethz.ch/​~oetiker/​webtools/​rrdtool/​|RRDTool]] and [[http://​cricket.sourceforge.net/​|Cricket]] is used as the main statistics collector. RRDTool and Cricket are not a part of NAV, they are third party GPL software. ​ NAV will however auto generate the Cricket configuration tree based on data from the NAV topology database.+  ​[[statustool|status page]] (22) that shows the current status ​of all events.
  
 +  * A switch port configuration tool, [[portadmin|portAdmin]] (10), that lets the NAV user change interface description and vlan values of switch ports. The tool uses SNMP write to perform its job.
  
-====== NAV answers your questions ​====== +In addition: 
-NAV is developed by network engineers with years of experienceoperating large campus networks. NAV development has been going on for more than five years. Our priority has always been; implement the feature we lack most first. The overall objective has been indisputable:​+ 
 +  * A [[messagestool|message system]] that displays operational messages to IT support staff and end users.  
 + 
 +  * A [[maintenancetasks|maintenance tool]] to put devices on maintenance for a planned time period and thus suppress alarms. 
 +  
 +  * A [[sysloganalyzer|Cisco Syslog Analyzer]] that structures and lets you search syslog messeges from Cisco devices. 
 + 
 +  * A general mechanism for authentication and authorization of NAV users. Supports LDAP and Active Directory. Use the [[useradminpanel|user adminstration tool]] to manage users and on a group level set the appropriate authorization level. NAV administrator can "​sudo"​ to other users to see/adjust their setup. 
 + 
 + 
 +===== NAV answers your questions ===== 
 +NAV is developed by network engineers with years of experience ​in operating large campus networks. NAV development has been going on for more than 12 years. Our priority has always been; implement the feature we lack most first. The overall objective has been indisputable:​
  
   * Reduce overall downtime, be even better, be ahead, work proactive.   * Reduce overall downtime, be even better, be ahead, work proactive.
  
-To illustrate how NAV might help you in your work environment,​ here are some questions you might ask yourselves. NAV can answer them for +To illustrate how NAV might help you in your work environment,​ here are some questions you might ask yourselves. NAV can answer them for you:
-you:+
  
   * What is the current status of our network and system operations? Is the network running properly? How are the servers (and their services) doing?   * What is the current status of our network and system operations? Is the network running properly? How are the servers (and their services) doing?
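Review bot: The added status page line near the end of the feature list ("[[statustool|status page]] (22) that shows the current status of all events.") has no "* A" list marker, unlike the bullets around it, so it will not render as a list item; restore the marker. In the service monitor bullet the list of services repeats smb three times and rpc twice and contains "postresql", and "Support the most important services" should read "Supports". Smaller typos in the added lines: "menues", "messeges", "adminstration", "radius-base", "that let you", "The monitor understand states". The portAdmin bullet states that the tool uses SNMP write, and the authentication bullet says an administrator can "sudo" to other users; neither says which authorization level is required for that, which is worth one sentence here.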
Line 73: Line 92:
   * What traffic volumes do we have? Are there any  bottlenecks,​ if so, where? What are the traffic trends? Where should we upgrade first?   * What traffic volumes do we have? Are there any  bottlenecks,​ if so, where? What are the traffic trends? Where should we upgrade first?
  
-  * What does the network look like? How is it interconnected? ​ What is the scope of the various vlans / subnets? Where is  server X connected ​again?+  * What does the network look like? How is it interconnected? ​ What is the scope of the various vlans / subnets? Where is  server X connected?
  
   * Do we see any traffic storms? In what direction does traffic flow?   * Do we see any traffic storms? In what direction does traffic flow?
Line 81: Line 100:
   * How many computers are connected totally? How many of these are student PCs? How many are staff computers? ​   * How many computers are connected totally? How many of these are student PCs? How many are staff computers? ​
    
-  * What are the movements in the network of laptop Y that seems to be compromised. Where has he been the last 30 days? Where is he now? +  * What are the movements in the network of laptop Y that seems to be compromised. Where has he been the last 90 days? Where is it now? 
  
   * What type of network equipment do we have in our network? What kind of switches and routers, how many of each, where are they located? What software and hardware versions are they running? How many modules are there in the various stacked and chassis based switches? Are there any free, or almost free, modules? Help me get the overall picture, I need to expand switch Z and are looking for spare parts... ​   * What type of network equipment do we have in our network? What kind of switches and routers, how many of each, where are they located? What software and hardware versions are they running? How many modules are there in the various stacked and chassis based switches? Are there any free, or almost free, modules? Help me get the overall picture, I need to expand switch Z and are looking for spare parts... ​
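Review bot: In the compromised laptop question the pronoun is corrected only in the last sentence ("Where is it now?"), while the sentence before it still reads "Where has he been the last 90 days?"; change that one to "it" as well. The opening sentence of the same bullet is a question but still ends with a period after "compromised".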
Line 91: Line 110:
   * I would like to inform end users and IT support staff at the faculties of this unfortunate event, or of another planned outage. I will use the NAV message system and put a message on the NAV home page.   * I would like to inform end users and IT support staff at the faculties of this unfortunate event, or of another planned outage. I will use the NAV message system and put a message on the NAV home page.
  
-====== NAV does not cover everything... ​====== +===== NAV does not cover everything... ===== 
-NAV helps you with many things, but not with everything (surprised?​). You will always need a //set of tools//, no tool will cover every aspect of network management. And, of course, above alle, you need knowledge of how to design and configure your network, how to troubleshoot etc.+NAV helps you with many things, but not with everything (surprised?​). You will always need a //set of tools//, no tool will cover every aspect of network management. And, of course, above all, you need knowledge of how to design and configure your network, how to troubleshoot etc.
  
 Here are some areas where NAV does //not// help you: Here are some areas where NAV does //not// help you:
  
-  * NAV is **not** ​configuration ​tool that is able to configure ​your network. ​NAV does not do any configuration of units, NAV is a monitoring tool (i.e. no SNMP write, although this will change when [[Arnold]] ​is included in NAV 3.1)+  * NAV is primarily ​monitoring ​tool NAV and is not used for configuring ​your network ​equipmentThere are however two important exceptions  ​(NAV uses SNMP write in these two cases): 
 +    * The port blocking tool [[Arnold]] 
 +    * The [[portadmin|PortAdmin]] component of [[ipdeviceinfo|IP Device Info]] that lets you configure vlan values and port descriptions of switch ports.
  
-  * NAV is not the Oracle in Delphi that will pinpoint all errors in your network. NAV tries to discover serious errors, but is by no means perfect. There are still things that need to be discovered by other means than NAV.+  * NAV is not the Oracle in Delphi that will pinpoint all errors in your network. NAV tries to discover serious errors, but is by no means perfect. There are still things that need to be discovered by other means than NAV. 
     ​     ​
   * NAV does not give you a precise report on how to solve a problem. NAV gives alerts / clear indications that something is wrong and must be corrected. You will often have to look closer at the problem, for instance by using CLI on a unit or using other tools.   * NAV does not give you a precise report on how to solve a problem. NAV gives alerts / clear indications that something is wrong and must be corrected. You will often have to look closer at the problem, for instance by using CLI on a unit or using other tools.
     ​     ​
-  * NAV does not give you end-to-end traffic data. NAV gives you traffic load for each interconnection in your network, but does not know the origin of the traffic nor where it is going. This means no end-to-end information with IP-addresses and TCP/UDP port numbers. Netflow or RMON2 may help you more with this. We recommend that you complement NAV with a netflow analysis tool; i.e. [[http://stager.uninett.no/|Stager]].+  * NAV does not give you end-to-end traffic data. NAV gives you traffic load for each interconnection in your network, but does not know the origin of the traffic nor where it is going. This means no end-to-end information with IP-addresses and TCP/UDP port numbers. Netflow or RMON2 may help you more with this. We recommend that you complement NAV with a netflow analysis tool; i.e. [[http://nfsen.sourceforge.net/|NfSen]]. 
 + 
  
  
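Review bot: The rewritten first bullet carries a stray word in "monitoring tool NAV and is not used for configuring"; drop the second "NAV". The new sub-list names Arnold and PortAdmin as the two cases where NAV uses SNMP write, but PortAdmin is described here as a component of IP Device Info and spelled "PortAdmin", while the feature list in this same revision presents it as a separate tool spelled "portAdmin"; pick one description and one spelling. In the last bullet, "i.e. NfSen" reads as if NfSen were the only netflow analysis tool; "e.g." fits the recommendation better.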
navfeatures.1181558202.txt.gz · Last modified: 2007/06/11 10:36 by morten