Views

Telecom:OSS:FreeNMS

Contents

[edit]

Navigation



[edit]

Related categories

Simulation · TMN · Wireless · NGOSS ·


[edit]

About this page

We apologize for the little information we provide, this page is still under construction. Please stay tuned.
Image:Construction_worker.gif

[edit]

Free Network Management tools

Functionality offered by Network Management tools can be classified in the following broad categories:
  • Performance monitoring including historical reporting
  • Availability monitoring and fault management, including alarming, event correlation and escalation policies
  • Network inventory and configuration management, including assessment of security compliance
  • Assessment and testing for network infrastructure
Some tool suites (e.g. ZenOSS, GroundWorks, Hyperic HQ or Network Administration Visualized (NAV)) would however support functionality from all categories. Catalogues of public-domain and/or free Network Monitoring Tools are available here and here.

[edit]

Comparison of network monitoring tools

A comparison of Network Monitoring tools can be found here

[edit]

Performance monitoring tools

[edit]

Cacti

Cacti is a Network Performance Monitoring and graphing tool build on top of the following technologies
  • RRDTool - for fast retrieval, aggregation and storage of performance data collected through SNMP from network elements
  • MySQL - for storing collected data for historical reporting and graphing.
The Cacti frontend is written in PHP and the default collecting component is based on the php-snmp library. For higher collecting performance requirements, the cactid collector, written in native C, on top of the Net-SNMP library, can be used. Cacti has the ability to accept collector plugins, which can feed performance data from various other sources and work is being done for integrating Cacti and Nagios
[edit]

Percival

Percival is a Network Monitoring frontend for RRDTool and essentially is a redesigned Cricket, addressing some of its shortcomings. Percival is part of the larger, commercial Lancelot Network Monitoring Framework.

[edit]

Torrus and Cricket

Cricket was originally written for WebTV Networks,Inc and known as the Multi Router Performance Grapher (MRTG) running under Solaris. It was subsequently publically released under the GNU General Public License, changed its name to Cricket and adapted to run on various Unix platforms and on Windows. Cricket is based on the RRDTool data-storage mechanism, is fully written in Perl and essentially has 3 components:
  • A SNMP collecting component based on Simon Leinen's pure-Perl SNMP library and on RRDs Perl wrapper fro RRDtool.
  • A Perl-CGI graphing component running on an Apache web server and rendering data in real-time directly from the RRD files filled-in by the collecting component
  • An adaptable discovery and configuration utility (based on the listInterfaces script) that generates a polling configuration for the collecting component by enumerating all interfaces on a router.


All Cricket configurations are generated in "text" format by the discovery and configuration utility then compiled into a Berkeley DB binary format, for reasons of performance.

Cricket has limitations and shortcomings that have been partially overcame by various patches:
  • Synchronous, single-threaded operation of the collecting component, which potentially causes loss of data in case of non-responding network components or network congestion
  • Limited support for collecting other type of data than the one associated with the standard interfaces MIB (everything must be seen as an interface)
  • Low performance caused by the lack of optimization of the pure-Perl SNMP and BER libraries being used.
  • Lack of support for SNMP v3


The Torrus collecting framework is a complete rewrite of the Cricket tool, by Stanislav Sinyagin, aiming at overcoming Cricket limitations. Torrus is based on the Net::SNMP library, much more performant and well maintained than Cricket's SNMP_Session and, just like Cricket, Torrus has 3 base components:
  • A SNMP collecting component, based on Net::SNMP Perl library, with support for SNMP v3 and asynchronous operation
  • A Perl-CGI graphing component running on an Apache web server and rendering data in real-time directly from the RRD files filled-in by the collecting component
  • An adaptable discovery and configuration utility based on a plugin architecture, which recognized the supported MIBs on a device then generates the corresponding collecting configurations in XML format


All Torrus configurations are rendered in XML format by the discovery utility then compiled into a Berkeley DB binary format, for reasons of performance. Torrus supports multiple collect trees, handled by separate instances of the collector process, limited multi-threading capabilities and asynchronous operation of the collecting component, all these resulting in a dramatic performance improvement vs. Cricket. Torrus is no longer limited to represent all collected metrics as device- and interface-related metrics, instead it allows a hierarchical taxonomy of the collected metrics and, through the plugin and template mechanisms, is extensible to collecting virtually any type of data from any source (not only SNMP). Torrus also permits complex calculus on combined metrics collected in a single collect cycle, based on Reverse Polish Notation (RPN) expressions.

[edit]

OpenNMS

OpenNMS is an enterprise-grade Open Source Network Management System, engineeded in Java using the Java Management Extensions (JMX)
  • OpenNMS home
  • Hands-on JMX integration - Connecting JMX Agent to a real-life network management system [1]
[edit]

Network Weathermap

Weathermap is a network visualisation tool, to take external data data and show an overview of the network in map format. The external data may come from RRD, CSV files or external plugins

[edit]

SNMPMON monitoring utility

The snmpmon tool is actually a simple Perl application providing the following features:
  • The "daemon" running in background and monitoring arbitrary OIDs on remote hosts via SNMP, based on the SNMP::Monitor Perl package
  • The snmpmon command-line frontend, allowing for configuration and rendering tasks


The SNMP::Monitor can store the data it polls into a MySQL database from where more complex processing can be achieved by custom applications.

[edit]

SCotty

Scotty is a software package for implementing in TCL site specific network management mechanisms, using the TNM extensions.

[edit]

TStat

The TCP Statistic and Analysis Tool (TStat) is a passive sniffer that analyzes the network traffic it sees and provides:
  • Distribution histograms of traffic densities and parameters observed in the different flows
  • Storage of observed statistics in a RRDTool - round-robin database
  • Logging of measured parameters


TStat can also run its analysis offline, on a capture file obtained through using other sniffers (e.g. tcpdump, netscout, snoop, etherpeek, etc). TStat can be used to assess the health of IP Telephony network infrastructures by providing detailed measurements on RTP streams, including packet loss and jitter statistics.

[edit]

Smokeping

The Smokeping "base" tool measures latency and packet loss (average, peak and distribution) statistics using the ICMP PING for probing distant network devices. SmokePing provides an advanced alarm system, based on thresholds and expected (scripted) behaviors, which can send E-Mails or trigger execution of custom scripts. Smokeping can be extended with other (than ICMP PING) "probes", which use arbitrary test sequences to measure delays and packet loss. Probes exist already for DNS, SSH, CURL, LDAP, SMTP, Radius, etc.

[edit]

MPing

The MPing tool permits collecting packet latency and loss statistics in a TCP/IP network using ICMP echo (PING) requests, providing graphing and reporting capabilities.

[edit]

JFFNMS

JFFNMS is a portable Network Management System written in PHP, running on Linux FreeBSD and Windows, using a mySQL/PostgreSQL backend and supporting a host of advanced features, from TACACS+ integration to Brocade fiber-channel switch monitoring.

[edit]

Other tools

  • Network Tracker is a user (MAC) tracker daemon [2]
Scans network devices and records a MySQL database which user is connected on which port of a switch
  • RogueScanner - Open Source Rogue Detection
  • Packetyzer - a free packet analyzer for Windows [3]
  • BlueScanner - free Bluetooth vulnerability assessment [4]
  • The Cisco-centric Open Source Community [5]
  • Open Source Network Management tools for Windows [6]
Ethereal-XTRA, MRTG-XTRA, Net-SNMP-XTRA, NTop-XTRA, Windump-XTRA, NMap-XTRA


[edit]

NetFlow, SFlow and IPFix tools

NetFlow 9 is defined by RFC3954.
The IP Flow Information Export (IPFIX) is being defined by RFC3955 as a draft and Cisco already has draft-compliant implementations not directly interoperable with NetFlow.
The sFlow industry standard uses a flow sampling technology to collect statistics from devices and, being stateless and more efficient than NetFlow, is applicable to high speed networks.
Other flow measurement technologies exist, among which:
NetFlow is currently available on network devices from Cisco, Enterasys, Extreme Networks, Foundry Networks, 3com and Riverbed.
sFlow is currently available on network devices from Alcatel, Extreme Networks, Foundry Networks, Hitachi, NEC, Alaxala Networks, Allied Telesis, Hewlett Packard,Comtec Systems, Force10 Networks.
IPFIX is currently implemented on some Nortel and Cisco network devices.

Netflow considerations:
  • Processor impact (router) is generally low, but does need to be considered if your CPU is high or spiking already.
One reference based on testing says about 4% CPU impact for 10,000 active flows, up to 16% for 65,000 active flows (but " mileage may vary").
  • Memory impact is about 64 bytes per cache entry, and can be controlled by adjusting the cache size,
at least in software-based platforms (1 to 512 KB). The Cisco 65xx does NetFlow in hardware and cache size isn't configurable (from 32 to 230 K flows, based on PFC2 to PFC3BXL).
  • Sufficient collector capacity. This is a characteristic of the Operating System and collection software used. For instance the Fluke Networks' collector ("Harvester") can handle approximately 20 routers, sometimes as many as 50, but this depends on the rate at which it is receiving flow information. That can be more than 100,000 flows / second.
  • Where a large number of flows are to be metered, sFlow, based on sampling and less resource-hungry, is a better choice


Resources:

[edit]

nTop/nProbe

  • nTop Overview [13]
  • Luca Deri's nTop - network-usage and traffic probing tool [14]
  • PF_RING - network socket for fast packet capture speed [15]
  • Improving Passive Packet Capture - Beyond Device Polling [16]
  • High-Speed Dynamic Packet Filtering [17]
  • The ntop Project - Open Source Network Monitoring [18]
  • nProbe - extensible IPv4/v6 NetFlow v5/v9/IPFIX GPL Probe [19]
  • nProbe Catapult Appliances with hardware acceleration [20]
Catapult Appliances are using Napatech (formerly Xyratex) nPulse adapters, with prices based on configurations.
Base pricing for the entry level nProbe Catapult Appliance (without nPulse acceleration) is $3,999 while the base pricing for an nPulse adapter (2 port, GigE) is $2,300
  • nBox86 - the Embedded nTop and nProbe on a generic x86 PC [21]
  • nBox - the Embedded NetFlow Probe [22] based on Avocent (formerly Cyclades) TS100 (now Avocent TES0061) box
    • Cyclades TS100 PPC-based mini-server [23] (based on Hard Hat Linux)
    • Avocent Cyclades TS Series [24]
    • Cyclades Downloads/Documentation [25]
    • Cyclades TS100 nQuirer NetFlow probe manual and firmware download


[edit]

IPFlow

The IPFlow tool is a Netflow collector developed by UTC (University of Technology of Compiegne, France) and running on a variety of Unix platforms. It supports NetFlow versions up to v9, as well as IPV6 and MPLS NetFlow records, stoting collected metrics into a RRDTool round-robin database IPFlow has post-processing tools (which take their data from the RRD database) and a simulation tool. The simulation tool allows analysis of real Ethernet traffic and generation of NetFlow records in several formats.

[edit]

Availability monitoring and fault management tools

These are network monitoring tools that measure the availability and performance of applications, services, network equipment, servers, and other IT infrastructure components. Generally these tools provide web-based real-time views of monitored metrics, notify when critical conditions are met and keep a history of status changes and performance data in an external DB.

[edit]

Nagios

  • Nagios (formerly NetSaint) home page
  • Nagios Service Level Monitoring with Nagios [26]
  • Enabling Nagios Database support [27]
  • Extending Nagios [28]
  • Integrating Nagios and Ganglia [29]
  • Service and Host Monitoring with Nagios [30]
  • Monitoring Systems and Services [31]
  • Nagios in high availability environments [32]
  • Service Level Monitoring with Nagios [33]
  • Nagios Data Collection Scripts for Cacti [34]
  • The Open Road - Nagios [35] and Extending Nagios
  • Nagios vulnerabilities [36]


[edit]

Zabbix

Zabbix is a semi-commercial, open-source network management system geared toward monitoring of server-based infrastructure, namely services, processes and hardware. It can work in agent-based and agent-less (SNMP) modes. When compared to Nagios it scores relatively high in features. An online-demo of Zabbix is available here.

[edit]

Groundworks Open Source

GroundWork Monitor measures the availability and performance of applications, network equipment, servers, and other components. These metrics are presented via a browser-based interface and consolidated for analysis and reporting.
  • GroundWork Monitor Architecture Overview [37]
  • GroundWork Monitor Operator Guide [38]
  • The Next Wave for Open Source IT Management [39]


[edit]

Ganglia

Ganglia is a web-enabled cluster-monitoring tool, displaying real-time data for the individual systems and the aggregate cluster. Ganglia is based on agents (multithreaded daemons) running on each cluster node to collect and communicate the host state in real time. It monitors CPU load, memory usage, and network traffic but new metrics to monitor can be added with the gmetric tool.

[edit]

Argus

Argus is essentially a service-availability monitoring tool, with some performance-monitoring capabilities. Argus runs at regular intervals test sequences against servers specified in a "service" configuration, using (among other tests):
  • ICMP/Ping
  • DNS queries
  • HTTP test requests
  • SNMP requests
  • TCP conection requests and UDP requests on service-specific ports (e.g. TCP/IMAP, UDP/Portmap, UDP/SIP, etc)
  • other specific test requests (e.g SQL queries to check a database availability and performance)


Optionally, arbitrary user-defined scripts can be invoked by the service-test sequences. The metrics gathered following the test sequences (e.g. values returned by SNMP queries or response times) are graphed in real-time. Argus does not use RRDTool neither a database for storing the results of its polling cycles.

[edit]

Big Sister

Big Sister is a network monitoring tool that measures the availability and performance of applications, network equipment, servers, and other components. It provides a web-based real-time view of monitored metrics, notifies when critical conditions are met, keeps a history of status changes and performance data in a mySQl DB.
  • Introducing Network Monitoring with Big Sister [41]
  • Big Sister documentation page [42]


[edit]

SE/XW Toolkit



[edit]

Network and server Inventory, change and configuration management (NCCM)

These are tools able to retrieve and audit configurations from network elements, to keep an inventory of Network Components with their attributes. Some tools can also automatically push configuration and firmware updates to devices.

[edit]

NetDisco

Netdisco is a web-based network management tool designed for moderate to large networks. It retrieves by SNMP configuration information and connection data for network devices and can locate the switch port of an end-user system by IP or MAC address. It can optionally discover the network topology as seen by the Cisco Discovery Protocol (CDP) using DNS queries and the CDP MIB. It does not use CLI access and has no need for privilege passwords. The network inventory contains the device models and their firmware versions. Netdisco uses router ARP tables and L2 switch MAC forwarding tables to locate nodes on physical ports and track them by their IP addresses and can locate (on the wire-side) the Wireless Access Points (AP). Data is stored into a SQL database and contains, for each node, a time stamped history of the ports it has visited and the IP addresses it has used is maintained.
  • NetDisco home page
  • NetDisco presentation [44]
  • The SNMP::Info package (on which NetDisco is based) - object oriented interface to SNMP-based information


[edit]

RANCID

The "Really Awesome New Cisco confIg Differ" (RANCID) tool monitors a network device's hardware and software configuration and keeps in a version control repository (CVS or Subversion) a history of changes. Once changes are detected, the tool can alert through E-mail. Rancid is known to be used by major providers like AOL, Global Crossing, MFN, NTT America and others and supports a variety of devices from Cisco, Juniper, Foundry, Nortel and others.
  • RANCID - "Really Awesome New Cisco conflg Differ" primer
  • RANCID home page


[edit]

ZipTie

ZipTie is an Open Source, limited edition of Alterpoint AlterPoint's DeviceAuthority/NetworkAuthority Suite framework. The commercial product (NetworkAuthority) starts at $100,000, however, using the ZipTie Development Environment, developers can add into the ZipTie Open Source framework custom adapters for any network device. It is expected that some Alterpoint NetworkAuthority commercial adapters go Open Source and become available with ZipTie
  • ZipTie home page and wiki
  • ZipTie Open Source Reaches Another Milestone [45]
  • ZipTie Network Inventory Framework [46]
  • ZipTie Adapter Framework [47]


[edit]

NetDirector

NetDirector is a Web-based systems administration tool for Linux and Solaris platforms allowing for automatic and manual system configuration. It provides an embedded CMDB for management of UNIX services and role-based-permissions authentication plugins for LDAP and Kerberos. The central NetDirector Manager server, based on Java technology, communicates with NetDirector agents running on the administered systems.

[edit]

LanDB

LanDB - the Network Management Database allows network administrators cataloging all connections, closets, and network hardware on a network. It uses MySQL and Perl with a web-based management package. For the most part the information (like jacks, switch ports, cabling)is entered manually but for some equipment types part of this information is queried automatically through SNMP from devices
  • LanDB - The Network Management Database on Sourceforge


[edit]

Cacti

Cacti has a plugin for managing routers and switches configurations. It allows traps/syslog detection with activation of the config download on the host which received the trap
  • Cacti plugin for download/upload routers switches configuration


[edit]

Nipper

Nipper is a security audit tool for network device configurations. The reports produced by Nipper provide detail on security-related issues. The tool supports most types of "wired" Cisco devices (no support for wireless APs) as well as Juniper Netscreen Firewalls

[edit]

Assessment and testing

Network assessments aim to measure performance (network- and application-level) in heavy-load conditions. Tools like OpenSTA or iPerf are used in assessment and performance testing in order to create synthetic network load.

[edit]

OpenSTA

OpenSTA is a distributed software testing architecture for performing scripted HTTP and HTTPS heavy load tests with performance measurements primarily from Win32 platforms, for which OpenSTA has been developed (in C++).
  • OpenSTA home page and portal
  • Success story with OpenSTA [48]
  • OpenSTA Overview [49]
  • Progressive Performance Testing with OpenSTA [50]
  • Performance Testing Web Applications with OpenSTA [51]
  • Analyzing OpenSTA Performance Results [52]


[edit]

IPerf

Iperf is a network-stress tool for measuring maximum TCP bandwidth and tuning of various network parameters Iperf reports bandwidth, delay jitter, datagram loss.
  • iPerf home page
  • Performance and Bandwidth Testing for Data Circuits [53]


[edit]

Packet generators

Packet generators are useful tools for troubleshooting routing problems, NAT or firewall issues.

[edit]

IP Sorcery

IP Sorcery is a TCP/IP packet generator. It can send IP, TCP, UDP, ICMP, and IGMP packets from the console or with a GTK+ interface.

[edit]

Other Packet generator tools

  • Generator and Analyzer System for Protocols (GASP) [54]
  • GSpoof [55]
  • Hping - command-line TCP/IP packet assembler/analyzer [56]
  • Packet Excalibur - graphical and scriptable network packet engine [57]
  • packETH - ethernet packet generator [58]
  • Packit network auditing tool - Network Injection and Capture [59]
  • Paketto Keiretsu TCP/IP toolkit [60]
  • SendIP - commandline tool for sending arbitrary IP packets [61]
  • TCPReflector - a Java TCP/IP packet redirector & testing tool, useful for inspecting TCP traffic and simulating TCP disconnect and reconnect scenarios
Retrieved from "http://www.mindtrek.dnsalias.net/components/com_mambowiki/index.php/Telecom:OSS:FreeNMS"