
This is an old revision of the document!


NAV features at a glance

Introduction

Network Administration Visualized is an advanced software suite to monitor large computer networks. It automatically discovers network topology, monitors network load and outages, and can send alerts on network events by e-mail and SMS, allowing for flexible configuration of alert profiles.

NAV was developed at the Norwegian University of Science and Technology (NTNU). Development started in 1999. It originated as a collection of scripts used internally at NTNU's ITEA Network group. In 2001 UNINETT became interested in its development, and has since been funding NAV development at NTNU on behalf of all universities and colleges in Norway.

As of 2004 NAV is made freely available under the GNU General Public License. NAV runs on a Unix platform; software packages are currently available for Red Hat, Debian and FreeBSD.

The figure below gives an overview of NAV. As shown, the NAV database is the heart of the system (background processes are on the bottom of the figure, foreground web tools are on the top).

The NAV model

With reference to the figure, and in summary, NAV contains the following functionality:

  • A topology database modeling the running network. The interconnection of devices is auto detected.
  • A status monitor that detects network outages. For severe cases NAV will pinpoint the root cause, thus solving a potential problem of information overload (which in turn can decrease the overall downtime).
  • Traffic statistics for all “intersections” in the network; i.e. all router and switch ports. Octet, packet and error counters are collected, along with CPU and memory statistics (and more). NAV also gathers statistics on servers, i.e. disk usage, memory, load etc.
  • Machine tracker with historical data on the movements of all connected machines in the network.
  • A traffic map that displays topology on layer 3 with drill down view of the underlying layer 2 topology. Traffic and router CPU load are shown on the same map.
  • A network explorer giving a graphical tree-structured display of the network on layer 2, also showing spanning tree states. You may for instance search for a particular server and the network explorer will expand the relevant switches to show a network trace to the server.
  • Reports that list the inventory of routers and switches in the network, with information on software version, equipment type, location etc. Also detailed information on router and switch ports with data on IP addresses / prefixes, vlans, port speed and duplex etc.
  • An IP device center that serves as a dashboard for a particular device with all information gathered, including a graphical view of used and unused switch and/or router ports.

  • A threshold monitor that gives alarms based on high load / high error rates or severe CPU load etc. Hysteresis is used as the basis for the stateful threshold monitor.
  • A module monitor that detects outage of switch or router components, i.e. individual switches in a switch stack or modules in a chassis.
  • A service monitor that reports on service outages. Support for the most important services; ssh, http, imap, pop, smtp, smb, rpc, dns, dc. Can easily be expanded to support more services.
  • A general event system that processes all events, including alarms from external systems.
  • A flexible alert system, where each NAV user can adjust his own profile with fine-grained control options. Currently support for email and SMS, can easily be expanded in the future. Profiles can be made to adjust the volume and types of alarms wanted, typically as a function of time of day and week.

In addition:

  • A switch port blocking tool (Arnold). Use it to manually block switch ports and thereby take machines off the network, or use it to run automated blocking raids. Requires SNMP write access to the switches.
  • A layer 2 traceroute tool.
  • A Cisco Syslog Analyzer that structures syslog messages from Cisco devices and lets you search them.
  • A message system that displays operational messages to IT support staff and end users.
  • A maintenance tool to put devices on maintenance for a planned time period and thus suppress alarms.
  • A logistics system (device tracker) that keeps track of the movement of devices from ordering to their end of life.
  • A general mechanism for authentication and authorization of NAV users. On a group level rights can be adjusted for all users of the system.

Please note that all statistics are stored using RRDTool and Cricket is used as the main statistics collector. RRDTool and Cricket are not a part of NAV, they are third party GPL software. NAV will however auto generate the Cricket configuration tree based on data from the NAV topology database.

NAV is developed by network engineers with years of experience operating large campus networks. NAV development has been going on for more than five years. Our priority has always been: implement the feature we lack most first. The overall objective has been indisputable:

  • Reduce overall downtime, be even better, be ahead, work proactively.

To illustrate how NAV might help you in your work environment, here are some questions you might ask yourselves. NAV can answer them for you:

  • What is the current status of our network and system operations? Is the network running properly? How are the servers (and their services) doing?
  • What traffic volumes do we have? Are there any bottlenecks, if so, where? What are the traffic trends? Where should we upgrade first?
  • What does the network look like? How is it interconnected? What is the scope of the various vlans / subnets? Where is server X connected again?
  • Do we see any traffic storms? In what direction does traffic flow?
  • Which organizational units do we serve? Which IP prefixes do they occupy? How many machines do they have on a maximum/average? How are we utilizing our (precious) IP address scope (on the individual subnet level and on the global level)?
  • How many computers are connected totally? How many of these are student PCs? How many are staff computers?
  • What are the movements in the network of laptop Y that seems to be compromised? Where has it been the last 30 days? Where is it now?
  • What type of network equipment do we have in our network? What kind of switches and routers, how many of each, where are they located? What software and hardware versions are they running? How many modules are there in the various stacked and chassis based switches? Are there any free, or almost free, modules? Help me get the overall picture, I need to expand switch Z and am looking for spare parts…
  • Do we have any duplex problems? Do we have high error rates on any switch ports? Do we see packet drops?
  • Just now we have a hardware failure or an unpredicted power outage… or a massive DDoS attack has just started… Please send me an SMS alarm on my mobile (but only send the most severe alarms after work hours). Which router has high CPU load? What devices are down? What seems to be the root cause here?
  • I would like to inform end users and IT support staff at the faculties of this unfortunate event, or of another planned outage. I will use the NAV message system and put a message on the NAV home page.

NAV helps you with many things, but not with everything (surprised?). You will always need a set of tools; no tool will cover every aspect of network management. And, of course, above all, you need knowledge of how to design and configure your network, how to troubleshoot etc.

Here are some areas where NAV does not help you:

  • NAV is not a configuration tool that is able to configure your network. NAV does not do any configuration of units; NAV is a monitoring tool (i.e. no SNMP write, the exception being Arnold, which is included since NAV 3.1).
  • NAV is not the Oracle in Delphi that will pinpoint all errors in your network. NAV tries to discover serious errors, but is by no means perfect. There are still things that need to be discovered by other means than NAV.
  • NAV does not give you a precise report on how to solve a problem. NAV gives alerts / clear indications that something is wrong and must be corrected. You will often have to look closer at the problem, for instance by using CLI on a unit or using other tools.
  • NAV does not give you end-to-end traffic data. NAV gives you traffic load for each interconnection in your network, but does not know the origin of the traffic nor where it is going. This means no end-to-end information with IP addresses and TCP/UDP port numbers. NetFlow or RMON2 may help you more with this. We recommend that you complement NAV with a NetFlow analysis tool, e.g. Stager.
navfeatures.1191073313.txt.gz · Last modified: 2007/09/29 13:41 by faltin