Mc lc

Qun l mng1. Qun l mng l g?

22. Kin trc h tng ca qun l mng ..

93. C cu qun l mng Internet

144. ASN.1 5. Tng la ..

316. Tm tt ..

397. Bi v nh v cc cu hi tho lun 418.1 Th no no qun tr mng?Qua by chng u tin ca sch,chng ta bit rng mt mng cha nhiu thnh phn phc tp,gm nhiu mnh phn cng v phn mm t cc lin kt,cc cu,router,host v cc thit b khc bao gm cc thnh phn vt l ca mng cho cc giao thc (trong c phn cng v phn mm) kim sot v phi hp cc thit b ny.Khi hng trm hay hng nghn cc thnh phn c lin kt vo nhau bi mt t chc to thnh mt mng,khng c g l ngc nhin nu cc thnh phn thnh thong trc trc, dn n cc thnh phn mng s khng cu hnh c,ti nguyn mng s b overutilized,hay cc thnh phn mng s n gin b break- ph v( v d cp b ct,hay b nc soda b ln router).Qun tr mng,cng vic ca h l gi cho mng up and running, phi c kh nng p ng (tt hn,trnh) cc ri ro.Vi hng ngn cc thnh phn ca mng c kh nng tri ra trn mt din rng,qun tr mng trong mt trung tm hot ng mng (NOC) hin nhin cn cc cng c gim st,qun l v iu khin mng.Trong chng ny chng ta s nghin cu cc kin trc,giao thc v cc c s thng tin c dng bi qun tr vin trong nghim v ny.

Trc khi xem xt qun tr mng,chng ta xem xt mt vi v d minh ha trong th gii thc khng- mng ,cc tnh hung trong mt h thng phc tp vi cc thnh phn tng tc cn phi c theo di,qun l v iu khin bi qun tr vin.Nhng nh my sinh ra nng lng in (t nht l nh m t trong cc phng tin truyn thng ph bin v d, phim nh China Sydrome) c mt phng iu khin ni m quay,o,v c n theo di tnh trng( nhit ,p sut,lu lng) ca van iu khin t xa,ng dn v cc linh kin khc.Nhng thit b ny cho php ngi vn hnh tin hnh theo di cc thnh phn ca nh my v c th cnh bo nhng ngi vn hnh ( cnh bo vi n mu ) khi m s c xy ra. Cc hot ng c thc hin bi nhng ngi vn hnh nh my kim sot nhng thnh phn ny.Tng t mt bung li my bay l mt dng c cho php phi cng kim sot v iu khin cc thnh phn m to ra my bay.Trong v d th hai ny, qun tr vin gim st t xa cc thit b v phn tch d liu ca h m bo rng chng ang hot ng v cc hot ng nm trong gii hn quy nh( v d : li ca mt nh my in ht nhn chy tan gy phng x khng phi l sp xy ra hay xy ra chy nguyn liu), phc hi iu khin h thng bng cch iu chnh p ng nhng thay i trong h thng hay mi trng ca n,v ch ng qun l h thng,vi d bng cch pht hin cc xu hng hoc hnh vi bt thng, cho php hnh ng s c thc hin trc khi pht sinh vn nghim trng. Trong hng tng t,qun tr mng s tch cc theo di,qun l v kim sot h thng nhng th c giao ph.

Trong nhng ngy u ca mng, khi cc mng my tnh c nghin cu to tc ch khng phi ch l mt c s h tng gii hn bi hng triu ngi dng mi ngy, vai tr ngi qun tr mng l khng th vng mt. Nu bt gp mt vn , ngi ta c th chy mt vi ping xc nh v tr ngun gc ca vn v sau sa i ci t h thng, reboot li phn cng hoc phn mm, hoc gi mt ng s t xa thc hin nh vy. (Mt bi tho lun hay v v sp u tin ca ARPAnet, ngy 27 thng 10 nm 1980 xy ra rt lu trc khi cng c qun l mng sn sng, v nhng n lc thc hin phc hi v hiu r s sp l [RFC 789]). Khi Internet cng cng v mng ni b t nhn pht trin t cc mng nh thnh cc c s h tng ton cu ln, s cn thit phi c thm h thng qun l qun l s lng ln cc phn cng v cc thnh phn mm trong nhng mng ny ngy cng tr nn quan trng hn.

Nhm thc y nghin cu v qun l mng, chng ta hy bt u bng mt v d n gin. Hnh 8,1-1 minh ha mt h thng mng nh gm ba routers, v mt s host v server. Ngay c trong mt mng n gin, c rt nhiu tnh hung m mt qun tr vin c thun li ln t cc cng c mng c qun l ph hp:

S hng hc ca mt card giao din ti mt host (v d, H1), hoc mt router (v d A). Vi cng c qun l mng thch hp, mt thc th mng (v d: router A) c th report ti qun tr mng mt trong cc giao din ca n b gone down ( iu ny chc chn l tt hn so vi mt cuc gi in thoi n NOC t ngi s dng tc gin khi ni rng kt ni mng b down). Qun tr mng s tch cc theo di v phn tch lu lng mng c th impress vi nhng ngi dng bng cch thc s pht hin ra cc vn trong giao din trc thi hn v thay th cc card giao din trc khi n b li. iu ny c th c thc hin, v d, nu qun tr vin ghi nhn s gia tng ca li checksum trong cc khung ang c gi bi giao din sp b cht. Gim st lu lng h tr trong vic trin khai ngun nhn lc. Mt qun tr vin mng c th gim st lu lng t ngun n ch v thng bo, v d, bng cch chuyn i servers gia cc phn on mng LAN, s lng ln lu lng truy cp qua nhiu mng LAN c th c gim ng k. Khng b mt chi ph cho thit b mi (c bit l trong qun tr cao hn) mang li hiu sut cao hn . Tng t, bng cch gim st vic s dng link, Qun tr vin c th xc nh mt phn on mng LAN, hoc external link ti th gii bn ngoi b qu ti v mt lin kt bng thng ln hn cn c c cung cp (vi chi ph tng thm). Cc qun tr mng cng mun c t ng thng bo khi mc tc nghn trn mt lin kt vt qu mt gi tr ngng nht nh gii quyt mt vn trc khi n tr nn nghim trng. Pht hin nhanh chng nhng thay i trong bng nh tuyn. Thay i tuyn ng thng xuyn flapping trong cc bng nh tuyn - C th ch ra s mt n nh trong tuyn ng hoc mt tuyn ng i sai. Chc chn l qun tr mng cu hnh khng ng mt router hn l pht hin ra li ca mnh trc khi mng gone down . Gim st SLAs. Vi s ra i Service Level Argmeement ( Tha thun mc dch v ) (SLA) xc nh c th s liu hiu sut v mc chp nhn c v hiu sut mng vi nh cung cp. Trong vic theo di lu lng s liu tng ng k trong nhng nm trc [Larsen 1997]. UUnet v AT & T ch l hai trong s nhiu nh cung cp mng nhiu m bo SLAs [UUNet 1999, AT & T 1998] cho khch hng ca h. Nhng SLAs ny bao gm dch v sn c, tr, nng lc t x l v cc yu cu thng bo ngng chy. R rng, nu cc tiu chun hiu sut l mt phn ca hp ng dch v gia mt nh cung cp mng v ngi s dng tiu chun , th vic o lng v hiu nng qun l s c tm quan trng ln vi ngi qun tr mng. Pht hin xm nhp. Qun tr mng mun c thng bo khi mng lu lng truy cp n t u, hoc ch n, mt ngun ng ng (v d, host tr hoc s cng). Tng t, qun tr mng c th mun pht hin (v trong nhiu trng hp l lc) c s tn ti chc chn ca mt s loi lu lng truy cp (v d, cc gi tin nh tuyn m ngun, hoc mt s lng ln cc gi SYN hng n mt host nht nh) c bit n nh l c tnh chc chn ca cc cuc tn cng mng. ISO l t chc cho chng ta hiu r rng v m hnh 7 lp ni ting ISO (xem Chng 1), cng to ra m hnh qun l mng, n tht s hu ch cho vic t cc kch bn (scenarios) trn vo khung c cu trc hn. Nm lnh vc qun l c nh ngha:

Qun l vic hiu sut. Mc tiu ca vic qun l hiu sut l nh lng, o lng, bo co, phn tch v kim sot vic thi hnh (v d, s p dng, nng lc x l ) ca cc thnh phn mng khc nhau. Cc thnh phn ny bao gm cc thit b c nhn (v d: cc link, router, host) cng nh l end ennd tru tng nh mt ng thng qua mng. Chng ta s thy ngay rng cc giao thc tiu chun nh Simple Network Management Protocol (SNMP) [RFC 2570] ng mt trung tm vai tr trong vic qun l hiu nng. Qun l li. Mc tiu ca qun l li l ng nhp, pht hin, v hi p cc b li trong mng. Ranh gii gia qun l li v qun l hiu nng thng khng r nt. Chng ta c th ngh qun l li l vic x l trc tip nht thi ca mng (v d link ,host hoc router phn cng hay phn mm thiu), trong khi qun l hiu sut v tng quan di hn trong vic cung cp cc mc chp nhn c v hiu sut trn cc mt khc nhau v nhu cu lu lng v (hy vng him) thit b mng b li. Nh vi hiu sut qun l th giao thc SNMP ng vai tr trung tm trong qun l li trn cc mng IP. Qun l cu hnh. Qun l cu hnh cho php mt qun tr mng theo di cc thit b trn mng v cu hnh phn cng v phn mm cc thit b ny. Qun l k ton.Qun l k ton cho php ngi qun tr mng xc nh, ng nhp,v kim sot ngi dng v thit b truy cp ti nguyn mng. Bng cch s dng cc hn ngch, s dng da trn tnh ph,v vic phn phi c quyn truy cp tt c ti nguyn thuc qun l k ton. Qun l bo mt. Mc tiu ca qun l bo mt l kim sot truy cp ti nguyn mng theo mt s chnh sch cng nh cc quy nh. S phn tn cc trung tm trng im v chng nhn c thm quyn m chng ta nghin cu trong phn 7.4 l nhng thnh phn ca qun l bo mt. Vic s dng bc tng la theo di v kim sot cc im truy cp bn ngoi mng n mt mng c nhn l ch chng ta s nghin cu trong phn 8.4 - mt phn khc cng rt quan trng.

Trong chng ny, chng ta s ch quan tm nhng kin thc c bn v qun l mng. Tm im ca chng ta s b thu hp - chng ta s ch nghin cu c s h tng ca qun l mng - kin trc tng th ,cc giao thc qun tr mng, v thng tin c bn m qua mt qun tr mng c th gi cho mng up and running. Chng ta s khng cover cc quy trnh ra quyt nh ca qun tr mng - ngi phi ln k hoch, phn tch, v phn hi vi thng tin qun l m c chuyn n NOC. Trong khu vc ny, cc ch nh xc nh li v qun l [1995 Katzela, Mehdi 1997], ch ng pht hin bt thng [Thottan 1998], bo ng tng quan [Jakobson 1993].. v nhiu hn na. Chng ta cng s cover cc ch rng hn v qun l dch v [Saydam 1996] cc d liu ca ti nguyn nh bng thng, cng sut my ch v cc tnh ton khc / ti nguyn thng tin lin lc cn thit p ng yu cu phc v c th ca doanh nghip. Trong phn sau ny, cc tiu chun nh TMN [Glitho 1995, Sidor 98] v TINA [Hamada 1997] ln hn, bao gm nhiu hn cc tiu chun do vy cc a ch ny ngy cng ln hn. V d TINA c m t l "mt tp hp cc mc tiu chung, nguyn tc, v khi nim cover qun l dch v, ti nguyn, v cc b phn ca Distributed Processing Environment- Mi trng x l phn tn "[Hamada 1997]. R rng, tt c cc ch l cho mt text ring bit, T cc kha cnh k thut s lm chng ta cm thy mt cht l lm. V vy, nh ni trn, mc tiu ca chng ta y s khim tn hn ,s cover cc nuts v bolts quan trng ca c s h tng thng qua qun tr mng gi cho cc bit chy thng sut. Mt cu hi thng c hi l "Qun tr mng l g?" tho lun ca chng ta trn phn no hiu nhng th cn thit, v minh ha mt vi trng hp s dng, qun l mng. Chng ti s kt thc phn ny vi mt cu n gin (mc d kh di) nh ngha v qun l mng t [Saydam 1996]

Qun tr mng bao gm vic trin khai, tch hp v phi hp ca phn cng, phn mm v cc yu t con ngi gim st, kim tra, thm d kin, cu hnh, phn tch, nh gi v kim sot mng v cc ngun lc p ng thi gian thc, hiu sut hot ng, v Cht lng ca cc yu cu dch v vi chi ph hp l

nh ngha v qun tr mng trn ch l phn xng nhng l mt nh ngha kh kh thi.Trong cc phn sau chng ta s thm vo nh ngha xng ny mt s phn tht.

Tham kho:

[AT&T 1999] AT&T, "AT&T raises the bar on data networking guarantees," http://www.att.com/press/0198/980127.bsc.html

[Glitho 1995] R. Glitho and S. Hayes (eds.) , special issue on Telecommunications Management Network, IEEE Communications Magazine, Vol. 33, No. 3, (March 1995).

[Hamada 1997] T. Hamada, H. Kamata, S. Hogg, "An Overview of the TINA Management Architecture," Journal of Network and Systems Management, Vol. 5. No. 4 (Dec. 1997). pp. 411-435

[Jakobson 1993] G. Jacobson and M. Weissman, "Alarm Correlation," IEEE Network Magazine, 19pp. 52-59.

[Katzela 1995] I. Katzela, and M. Schwartz. "Schemes for Fault Identification in Communication Networks," IEEE/ACM Transactions on Networking, Vol. 3, No. 6 (Dec. 1995), pp. 753-764.

[Larsen 1997] A. Larsen, "Guaranteed Service: Monitoring Tools," Data Communications, June 199pp. 85-94.

[Mehdi 1997] D. Mehdi and D. Tipper (eds.), Special Issue: Fault Management in Communication Networks, Journal of Network and Systems Management, Vol. 5. No. 2 (June 1997).

[RFC 789] E. Rosen, "Vulnerabilities of Network Control Protocols," RFC 789.

[RFC 2570] J. Case, R. Mundy, D. Partain, B. Stewart, "Introduction to Version 3 of the Internet-standard Network Management Framework" RFC 2570, May 1999.

[Saydam 1996] T. Saydam and T. Magedanz, "From Networks and Network Management into Service and Service Management," Journal of Networks and System Management, Vol. 4, No. 4 (Dec. 1996), pp. 345-348.

[Sidor 1998] D. Sidor, TMN Standards: Satisfying Today's Needs While Preparing for Tomorrow, IEEE Communications Magazine, Vol. 36, No. 3 (March 1998), pp. 54-64.

[Thottan 1998] M. Thottan and C. Ji, "Proactive Anomaly Detection Using Distributed Intelligent Agents," IEEE Network Magazine, Vol. 12, No. 5 (Sept./Oct. 1998), pp. 21-28.

[UUnet 1999] UUnet, "Service Level Agreement," http://www.uk.uu.net/support/ sla/8.2 C s h tng cho s qun l mng

Chng ta tm hiu trong cc phn trc rng qun l mng li i hi kh nng theo di, kim tra, thm d, cu hnh,...v iu khin cc phn cng v phn mm v cc thnh phn trong mt mng li. Do cc thit b mng c phn tn, iu ny s i hi ti thiu nhng ngi qun tr mng c kh nng thu thp d liu (v d: cho mc ch gim st) t mt thc th t xa (remote entity) v c th nh hng n s thay i (v d: iu khin) ti thc th t xa . Mt s tng t vi con ngi s chng t s cn thit i vi s hiu bit v nhng c s h tng cn thit cho s qun l mng.

Hy tng tng rng bn l ngi ng u mt t chc ln c vn phng chi nhnh khp ni trn th gii. Cng vic ca bn l m bo cc phn ca t chc hot ng trn tru. Bng cch no bn s lm c nh vy? Ti thiu, bn phi nh k thu thp d liu t cc vn phng chi nhnh di hnh thc cc bo co v nh lng cc bin php khc nhau cho cc hot ng, nng sut, v ngn sch. Bn s thng xuyn (nhng khng phi l lun lun) c thng bo mt cch r rng khi c mt vn mt trong cc vn phng chi nhnh, nhng ngi qun l chi nhnh ai mun leo ln cc bc thang ca cng ty (c l c c cng vic ca bn) c th s gi cho bn nhng bo co khng c yu cu ch ra rng lm th no mi th hot ng trn tru ti chi nhnh ca mnh. Bn s chn lc cc bo co nhn c, hy vng tm c s hot ng trn tru khp ni, nhng khng do d tm kim cc vn cn quan tm ca bn. Bn c th bt u mt cuc i thoi ring vi mt trong nhng vn phng chi nhnh c vn ca bn, thu thp nhiu d liu hn hiu v vn , v a xung mt mnh lnh (Hy thay i !) n qun l vn phng chi nhnh. Ngm nh trong cc kch bn con ngi rt ph bin ny l mt c s h tng kim sot t chc ng ch (bn), nhng khu vc xa ang c kim sot (cc vn phng chi nhnh), cc nhn vin t xa ca bn (cc qun l vn phng chi nhnh), cc giao thc truyn thng (i vi tiu chun truyn bo co v d liu, v i vi cc cuc i thoi ring), v d liu (ni dung cc bo co, cc bin php nh lng cho hot ng, nng sut, v ngn sch). Mi thnh phn trong s qun l t chc ca con ngi c c mt bn i chiu chnh xc trong s qun l mng.

Kin trc ca mt h thng qun l mng l mt khi nim ging ht vi s tng t t chc con ngi n gin ny. Lnh vc qun l mng c nhng thut ng ring ca n cho cc thnh phn khc nhau ca mt kin trc qun l mng, v v vy chng ti chp nhn cc thut ng y. Nh c biu din trong hnh 8.2-1, c ba thnh phn chnh ca mt kin trc qun l mng : mt thc th qun l managing entity (v d: ng ch trong tng t trn ca chng ta - bn), cc thit b c qun l - managed devices (cc vn phng chi nhnh) v mt giao thc qun l mng.

Hnh 8.2-1: Cc thnh phn chnh ca mt kin trc qun l mng.

Thc th qun l l mt ng dng, vi mt vng-lp-con-ngi, ang chy trong mt trm qun l mng li tp trung trung tm hot ng mng -network operations center (NOC). Thc th qun l l trung tm qu o ca cc hot ng qun l mng li n iu khin vic thu thp, x l, phn tch, v/hoc hin th thng tin qun l mng li. N y khi cc hot ng c khi xng kim sot hnh vi ca mng li v y khi nhng ngi qun tr mng li tng tc vi cc thit b mng

Mt thit b c qun l l mt phn ca cc thit b mng (bao gm c phn mm ca n) nm trn mt mng li c qun l. y l vn phng chi nhnh trong tng t con ngi ca chng ta. Mt thit b c qun l c th l mt host, router, bridge, hub, printer, hoc thit b modem. Bn trong mt thit b c qun l, c th c mt vi ci gi l cc i tng uc qun l-managed objects. Cc i tng c qun l ny l nhng mnh thc t ca phn cng bn trong thit b c qun l (v du: mt card giao din mng), v tp hp cc tham s cu hnh cho cc mnh ca phn cng v phn mm (v d: mt giao thc nh tuyn intradomain nh RIP) . Trong tng t con ngi ca chng ta, cc i tng c qun l c th l cc phng ban bn trong vn phng chi nhnh. Nhng i tng uc qun l ny c nhng phn thng tin lin quan n chng c thu thp vo mt c s thng tin qun l - management information base (MIB); chng ta s thy rng nhng gi tr ca nhng mu thng tin ny l kh dng cho thc th qun l. Trong tng t con ngi ca chng ta, MIB tng ng vi d liu nh lng (cc bin php hot ng, nng sut, v ngn sch, nhng th tn ti sau cng c kh nng b tr bi thc th qun l!) c trao i gia vn phng chi nhnh v vn phng chnh. Chng ta s hc cc MIB c th trong phn 8.3. Cui cng, cng thng tr ti mi thit b c qun l l mt i l qun l mng li - network management agent, mt tin trnh ang chy trong thit b c qun l m giao tip vi thc th qun l, thc hin nhng hnh vi cc b trn thit b uc qun l di s ch huy v kim sot ca thc th qun l. i l qun l mng li l qun l chi nhnh trong tung t con ngi ca chng ta.

Phn th ba ca mt kin trc qun l mng l giao thc qun l mng - network management protocol. Giao thc hot ng gia thc th qun l v thit b c qun l, cho php thc th qun l truy vn trng thi ca thit b c qun l v cc hnh vi c hiu ng gin tip trong nhng thit b ny thng qua cc i l ca n. Cc i l c th s dng giao thc qun l mng li thng bo cho thc th qun l cc s kin ngoi l (v d: thnh phn tht bi hoc cc ngng ca ca s vi phm cht lng) .

Mc d c s h tng ca s qun l mng li l mt khi nim n gin, ngi ta c th thng b sa ly xung din thuyt-s-qun-l-mng-li vi nhng t nh thc th qun l, thit b c qun l, i l qun l v c s thng tin qun l . Hy vng rng, vic gi s tng t t chc con ngi v s song song r rng ca n vi s qun l mng li trong u s gip chng ta tip tc thng qua chung ny.

S tho lun ca chng ta v kin trc qun l mng li bn trn vn cn chung chung, v c p dng rng ri trong mt s cc tiu chun qun l mng v nhng n lc c xut trong nhng nm qua. Tiu chun qun l mng li bt u trng thnh t cui nhng nm 1980, vi OSI CMISE/CMIP (the Common Management Service Element/Common Management Information Protocol) [Piscatello1993, Stallings 1993, Glitho 1998] , v Internet Internet SNMP (Simple Network Management Protocol) [Stallings 1993, RFC 2570, Stallings 1999, Rose 1996] ang ni ln nh hai tiu chun quan trng nht . C hai c thit k khng ph thuc vo nh cung cp c th cc sn phm hoc cc mng li. Do SNMP c nhanh chng thit k v trin khai ti thi im khi s cn thit qun l mng li tr thnh s kh khn r rng, SNMP c s dng rng ri v c chp nhn. Ngy nay, SNMP ni ln nh l khung qun l mng li c s dng v trin khai rng ri nht. Chng ta s nhc li v SNMP c th trong nhng phn sau

Tham kho :[Glitho 1998] R. Glitho, "Contrasting OSI Systems Management to SNMP and TMN," Journal of Network and Systems Management, Vol. 6, No. 2, (June 1998), pp. 113-131.[Piscatello 1993] D. Piscatello and A. Lyman Chapin, "Open Systems Networking", Addison Wesley,1993.

[RFC 2570] J. Case, R. Mundy, D. Partain, B. Stewart, "Introduction to Version 3 of the Internetstandard Network Management Framework" RFC 2570, May 1999.

[Rose 1996] M. Rose, "Simple Book, The: An Introduction to Internet Management, Revised Second Edition," Prentice Hall, 1996.

[Stallings 1993] W Stallings, "SNMP. SNMP v2. and CMIP The Practical Guide to Network Management Standards," Addison Wesley 1993.

[Stallings 1999] W. Stallings, "Snmp, Snmpv2, Snmpv3, and Rmon 1 and 2," Addison Wesley, 1999

8.3 Khung qun l mng Internet

Tri ngc vi ci tn ca n SNMP(giao thc qun l mng n gin ), vic qun l mng trong mng Internet nhiu hn l mt giao thc chuyn qun l d liu gia qun l thc th v i din ca n, v pht trin phc tp hn l n gin so vi nh ngha. Cc khung qun l chun Internet hin ti c gc r l giao thc kim tra cng vo n gin. SGMP[RFC 1028] c thit k bi mt nhm ca trng i hc cc nh nghin cu mng, ngi s dng, ngi qun l. Kinh nghim ca h v SGMP cho php h thit k, thc hin v m phng SNMP ch trong vi thng, khc xa vi ngy nay thay v rt ra mt qu trnh chun ha. K t SNMP pht trin t SNMPv1 n SNMPv2 v cho ti phin bn gn y nht, SNMPv3 ra i vo thng 4 nm 1999.

Khi m t cc khung qun l mng, mt vi cu hi chc chn s phi c tr li:

iu g ang c xem xt (theo quan im ng ngha) ? V loi iu khin no c thc hin bi ngi qun l mng?

Loi thng tin c th no c bo co hoc c trao i ?

Giao thc lin lc no c s dng truyn tin?

Nh li phn tng t t chc ngi ca chng ta t chng trc. ng ch v ngi qun l cc chi nhnh cn phi ng v cc bin php hot ng, nng sut v ngn sch c bo co li trng thi ca cc vn phng chi nhnh. Tng t nh vy, chng cn tho thun cc hot ng m ng ch c th lm(v d nh, ct gim ngn sch, ngi qun l thay i mt s hot ng ca vn phng) mc chi tit thp hn, chng cn phi tha thun loi d liu c bo co (v d trng cc loi ngoi t no c dng bo co ngn sch). Trong khi y l nhng chi tit thng, nhng chng c tha thun. Cui cng, cch thc m thng tin c chuyn ti gia cc vn phng chnh v vn phng chi nhnh (tc l giao thc giao tip ca h) phi c xc nh

a ch chnh xc INMF cc cu hi t ra trn. Khung bao gm 4 phn:

nh ngha cc i tng qun l mng c gi l cc i tng MIB. Trong cc khung qun l mng Internet, qun l thng tin c i din cho mt b cc i tng qun l cng vi nhau to thnh lu tr thng tin o. c gi l Qun l thng tin c bn (MIB) Mt i tng MIB c th l mt lt truy cp, chng hn nh gi d liu IP b loi b ti mt router do sai st trong mt gi d liu iu khin IP hoc mt s li trong giao din Enthernet, m t thng tin nh l phn mm ang chy trn router, trng thi ca thng tin nh mt thit b c bit hot ng chnh xc hay khng, hoc thng tin giao thc c th chng hn nh ng nh tuyn ti ch. i tng MIB nh vy xc nh thng tin qun l c duy tr bi mt nt qun l. Cc i tng MIB c tp hp li gi l cc modun MIB. Trong t chc tng t con ngi ca chng ta, MIB nh ngha thng tin truyn gia cc vn phng chi nhnh v vn phng chnh.

Mt ngn ng nh ngha d liu, nh l SMI (Cu trc ca thng tin qun l) nh ngha loi d liu, mt m hnh i tng, v lut to v sa i thng tin qun l,cc i tng MIB c nh ngha trong ngn ng nh ngha d liu ny. Trong t chc tng t con ngi ca chng ta, SMI c s dng xc nh nh dng ca thng tin c truyn.

Mt giao thc, SNMP, thay i thng tin v ra lnh gia qun l thc th v tc nhn thay mt thc th trong vic qun l thit b mng.

Bo mt v kh nng qun l, vic tng cng cc kh nng i in cho tng cng chnh trong SNMP v3 trn SNMP v2

Kin trc qun l mng Internet c thit k modum nh vy, vi giao thc c lp ngn ng nh ngha d liu v MIB, v mt giao thc MIB- c lp. Tht th v, kin trc modul ny ln u c a ra chuyn tip t qun l mng SNMP- c bn ln khung qun l mng ang c pht trin bi T chc tiu chun quc t(ISO),kin trc qun l mng cnh tranh khi SNMP ln u c by t- mt chuyn tip khng bao gi xy ra. Theo thi gian, thit k modul ca SNMP cho php n pht trin qua ba phin bn chnh, vi mi phn trong 4 phn tho lun trn c pht trin c lp vi nhau. R rng, quyt nh ng v modul c a ra ngay c khi cho mt l do sai.

Trong cc phn sau, chng ta s xem xt bn thnh phn chnh khung qun l mng Internet mt cch c th hn.8.3.1 Cu trc ca thng tin qun l SMI

SMI(Tn mt thnh phn kh k cc ca khung qun l mng , ci tn ca n khng a ra cc gi v chc nng) l mt ngn ng c s dng nh ngha thng tin quan l bn trong thc th qun l mng. Ngn ng nh ngha cn m bo c php v ng ngha nh ngha d liu qun l mng l ng v r rng. Lu rng, SMI khng nh ngha mt trng hp c th d liu trong mt thc th qun l mng, m l mt ngn ng m trong nhng thng tin c quy nh. Vn bn m t SMI cho SNMP v3(hay trnh nhm ln c gi l SMI v2) l [RFC2578, RFC 2579, RFC 2580]. Chng ta s xem xt SMI theo kiu t di ln, bt u bng cc loi d liu c s ca SMI. Chng ta s xem xt cch qun l cc i tng c m t trong SMI v xem xt lm th no qun l cc i tng v nhm chng li thnh nhng modul.

SMI Cc loi d liu c s.

RFC 2578 quy nh c th cc loi d liu c s trong ngn nh nh ngha modul SMI-MIB. Mc d SMI da trn ANS.1 [ISO 1987 ISO X.680] ngn ng nh ngha i tng (trong phn 8.4 )c pht trin bi ISO trong nm 1980, cc loi d liu SMI c th c thm vo SMI nn c coi l ngn ng nh ngha d liu trong ci ng ca n. Mi mt loi d liu c bn c c nh ngha trong RFC 2578 c biu din trong bng 8.3-1. Ngoi cc i tng v hng, n cng c th p t cu trc dng bng trn mt b th bc ca cc i tng MIB c s dng cho cu trc SQUENCE OF, xem [RFC 2578] bit thm chi tit. a s cc loi d liu trong bng 8.3-1 c trnh by gip cho ngi c d hiu. Mi loi d liu chng ta s a ra tho lun c th hn trong thi gian ngn l nhn dng i tng loi d liu, n c s dng t tn cho cc mt i tng.

Loi D LiuM t

Interger 32 bit nguyn, nh c nh ngha trong ASN.1, vi gi tr nm trong khong -2^31 n 2^31 -1 hoc l cc gi tr nm trong danh sch c t tn cho cc gi tr khng i.

Interger3232 bit nguyn nm gia -2^31 n 2^31 -1

Duong3232 bit nguyn khng du nm trong khong 0 n 2^23-1

Octet stringASN.1 nh dng chui bit i din cho chui nh phn hoc d liu gc, ln ti di 65535

nh danh i tngASN.1 nh dng phn quyn qun l(cu trc tn), chng 8.3

a ch Ipa ch Ip c 32 bit,

Counter32Bin m 32 bit tng t 0 n 2^32 -1 sau kt thc quay v s 0

Counter64

Gauge3232 bit nguyn s khng c m ti 2^32 2 v khng quay v s 0

TimeTickThi gian, c o th 1/100 ca giy tnh t mt s s kin

Bng 8.3-1: Bng cc loi d liu ca SMI

Cu trc cp cao ca SMI

Ngoi cc d liu n gin ra, ngn ng nh ngha d liu SMI cng cung cp cu trc ngn ng cp cao hn: Loi i tng (the OBJECT-TYLE) c s dng cho mt s loi d liu c bit, trng thi, ng ngha ca mt i tng qun l. Ni chung, qun l cc i tng bao gm qun l d liu nm trung tm ca mng li qun l.C gn 10000 nh ngha cc i tng trong RFC2570. Cu trc Loi i tng c bn mnh . Mnh C php ca Loi i tng nh ngha ra loi d liu c bn c bit thch hp cho mi loi i tng. Mnh Max-Access quy nh vic qun l i tng c th c c, vit, to hoc l c gi tr trong thng bo. Mnh Status cho bit nh ngha i tng ang l hin ti v hp l, li thi(trong trng hp ny, n khng nn c thc hin, nh ngha ca n ch ra cc mc ch trong qu kh) hoc b phn i.(li thi nhng c kh nng tng tc vi nhng thnh phn c). Mnh Description cha vn bn vit nh ngha ca con ngi v i tng, vn bn ny c mc ch qun l i tng v cung cp mi thng tin ng ngha cn cho thc hin qun l i tng. Mt v d v cu trc Loi i tng, c nh ngha trong [RFC2011]. i tng nh ngha 32 bt m theo s lng ca nhng gi d liu c nhn ti mt nt qun l v c truyn thnh cng cho mt lp trn. Dng cui ca nh ngha lin quan ti tn ca i tng , ch ny chng ta s xem xt trong phn sau.

ipInDelivers OBJECT-TYPE

SYNTAX Counter32

MAX-ACCESS read-only

STATUS current

DESCRIPTION

"The total number of input datagrams

successfully delivered

to IP user-protocols (including ICMP)."

::= { ip 9 }

Cu trc Module- Identity cho php cc i tng c lin quan nhm li thnh mt module. V d, [RFC 2011] ch r module MIB l xc nh qun l i tng(bao gm ipIndelivers) cho vic thc hin qun l ca giao thc lin mng(IP) v n c lin kt vi giao thc iu khin truyn tin trn mng(ICMP). [RFC 2012] ch r module MIB dnh cho TCP v [RFC 2013] ch r module MIB dnh cho UDP. [RFC 2021] ch r module MIB dnh cho RMON(Remote Monitoring). Ngoi vic cha nh ngha Object- Type ca qun l i tng trong mt module, cu trc Module Indentity cn c cc iu khon cho ti liu lu thng tin ca tc gi ca module , ngy cui cng cp nhp, lch s kim tra, v vn bn m t ca module. V d, xem xt nh ngha module cho vic qun l ca giao thc IP:

ipMIB MODULE-IDENTITY

LAST-UPDATED "9411010000Z"

ORGANIZATION "IETF SNMPv2 Working Group"

CONTACT-INFO

" Keith McCloghrie

Postal: Cisco Systems, Inc.

170 West Tasman Drive

San Jose, CA 95134-1706

US

Phone: +1 408 526 5260

Email: kzm@cisco.com"

DESCRIPTION

"The MIB module for managing IP and ICMP

implementations,

but excluding their management of IP routes."

REVISION "9103310000Z"

DESCRIPTION

"The initial revision of this MIB module was part

of MIBII."

::= { mib-2 48}

Cu trc Notification-Type c s dng ch ra thng tin v SNMPv2-Trap v cc tin InformationRequest c to ra bi cc tc nhn, hoc l thc th qun l. Thng tin ny bao gm nguyn vn Description khi mt tin nhn c gi i, cng nh danh sch cc gi tr bn trong tin nhn pht ra, xem [RFC 2578] thm chi tit

Cu trc Module- Compliance xc nh cc thit lp qun l i tng bn trong mt module m cc tc nhn phi thc hin

Cu trc Agent-Capabilities ch r kh nng ca tc nhn i vi cc i tng v nh ngha thng bo s kin.

8.3-2 C s thng tin qun l: MIB.

Nh ni trn , C s thng tin qun l MIB, c th c dng nh mt b nh thng tin o, t chc qun l cc i tng c gi tr chung phn nh trng thi ca mng. Nhng gi tr c th l c hi hoc c th thit lp bi mt thc th qun l bng cch gi cc thng ip SNMP cc tc nhn thc hin ti mt nt qun l thay mt cho cc t chc qun l. Qun l cc i tng c quy nh bng cch s dng cu trc SMI Object-Type tho lun trn v c tp trung vo module MIB s dng cu trc Module-Indentity.

IETF chun ha cc modules MIB kt hp vi router, host v cc thit b mng khc. iu ny bao gm d liu nhn dng c bn v mt on c th v phn cng , v qun l thng tin v cc giao din v cc giao thc ca thit b mng. Nh bn pht hnh SNMPv3(gia nm 1999) c gn 100 tiu chun da trn module MIB thm ch s lng ln hn cc nh cung cp module MIB. Vi tt cc cc tiu chun , IETF cn mt cch xc nh tn ca cc module chun , nh l qun l c th i tng trong module. Thay v bt u t u, IETF thng qua cc khung xc nhn i tng chun ha (tn), nhng ci c a ra bi T chc chun ha quc t (ISO). Nh l trng hp vi nhiu c quan tiu chun , ISO c k hoch ln cho khung xc nhn i tng chun ha ca h- xc nh mi i tng chun ha c th (nh dng d liu, giao thc hoc cc thnh phn ca thng tin) trong mi mng li, khng k ti cc t chc chun mng (Internet IETFt,ISO, IEE hoc ANSI), cc nh sn xut thit b, hoc ch s hu mng. Mt mc tiu thc s ! Khung xc nhn i tng thng qua bi ISO mt phn ca ANS 1(K hiu c php on tm tc)[ISO 1987 ISO X680] ngn ng nh ngha i tng. Module MIB chun ha c mt gc ring cho vic t tn bao gm tt c cc khung, nh l tho lun.

Nh trong hnh 8.3-1, cc i tng c xc nh trong khung t tn ISO theo mt cp bc.Ch rng mi im chi nhnh trn cy th c c hai th tn v s (c vit trong ngoc) mi im trn cy nh vy c xc nh bi mt dy tn v s c xc nh ng i t gc ti im trn cy nh danh. WWW, da trn li ch vt qua cc phn cy xc nh i tng (s dng cc nhnh thng tin c cung cp bi cc ngi tnh nguyn) l http://www.alvestrand.no/harald/objectid/top.html.

Hnh 8.3-1:ANS1 Cy nhn din i tng

pha trn cng ca h thng phn cp l ISO(T chc tiu chun quc t) v ITU-T(Tiu chun vin thng ca lin minh vin thng th gii), hai t chc tiu chun chnh ny phn pht vi ANSI, cng nh mt chi nhnh n lc cho hai t chc. Theo nhnh ISO trn cy, chng ta tm thy li vo cho tt c chun ISO(1.0) v cho cc tiu chun to bi cc t chc tiu chun ISO ti cc nc khc nhau(2.0). Mc d khng c v trong hnh 8.3-1, theo (ISO ISO-Member-Body, a.k.a 1.2 ) chng ta s tm thy chun USA(1.2.840.11359), theo chng ta tm c IEEE, ANSI v cc t chc tiu chun c th.Bao gm c RSA(1.2.840.11359) v Microsoft(1.2.840.113556), theo ta li tm c Microsofl File Format(1.2.840.112556.4) cho cc sn phm Microsoft khc nhau, v d nh Word(1.2.840.11356.4.2). Nhng chng ta quan tm ci trong mng(khng phi l file Word), vy chng ta hy hng sang nhnh c nhn 1.3 cc tiu chun c cng nhn bi t chc ISO. Bao gm B quc phng M (theo chng ta s tm c cc chun Internet) Qu phn mm m(22), Hip hi hng khng SITA (69), t chc Nato(57), cng nh cc c quan khc.

Theo nhnh Internet ca cy(1.3.6.1) c by loi. Theo nhnh private (1.3.6.1.4) chng ta s tm thy mt danh sch [IANA 1999b] tn v m s doanh nghip ca hn 4000 cng ty ng k vi IANA(c quan cp s hiu Internet IANA99). Theo nhnh management(1.3.6.1.2) v nhnh MIB-2 (1.3.6.1.2.1) ca nh danh i tng, chng ta tm c cc nh ngha cho cc chun module MIB.

Modules MIB chun ha

cc mc thp hn ca cy trong hnh 8.3-1 cho thy mt vi mt s phn cng quan trng theo hng module MIB (h thng v giao din) cng nh mt s module kt hp vi mt s giao thc quan trng ca mng. [RFC 2400] danh sch tt c cc module MIB chun ha. Trong khi MIB trong RFC kh c v kh khan, n dng xem mt vi nh ngha modul MIB c mt s gia v cho cc loi hnh thng tin trong mt modul.

Cc i tng qun l nm trong h thng cha thng tin chung v thit b ang c qun l, tt c cc thit b qun l phi h tr h thng i tng MIB. Bng 8.3-2 nh ngha cc i tng trong cng mt h thng nhm, nh nh ngha trong [RFC 1213].

nh danh i tngTnKiu M t [RFC 1213]

1.3.6.1.2.1.1.1sysDescrOCTET STRINGTn y v nhn dng phin bn ca loi phn cng h thng, phn mm h iu hnh, phn mm trong mng

1.3.6.1.2.1.1.2sysobjectIDOBJECT IDENTIFIERID i tng gn cho ngi bn l cung cp d dng v r rng xc nh loi hp ny ang c qun l

1.3.6.1.2.1.1.3sysUpTimeTime TicksKhong thi gian k t phn qun l mng ca h thng c khi ti ln cui

1.3.6.1.2.1.1.4sysContactOCTET STRINGNhng ngi lin lc cho qun l nt ny, cng vi thng tin v cch lin lc vi ngi ny

1.3.6.1.2.1.1.5sysNameOCTET STRINGGn mt tn hnh chnh cho nt ny qun l.

1.3.6.1.2.1.1.6sysLocationOCTET STRINGV tr vt l ca nt ny

1.3.6.1.2.1.1.7sysServicesInteger32Mt gi tr c m ho m ch tp hp cc dch v hin c ti nt ny: v d nh (vt l, mt repeater), datalinkl / subnet (v d, cu), internet (v d, IP gateway), kt ni ngi cui (v d, ch nh), cc ng dng

Table 8.3-2 Qun l i tng trong nhm h thng MIB-2

Bng 8.3-3 nh ngha qun l cc i tng bn trong modul MIB cho giao thc UDP qun l thc thnh danh i tngTnKiuM t [RFC 1213]

1.3.6.1.2.1.7.1udpInDatagramsCounter32Tng s gi tin UDP c gi ti cc ngi dng UDP

1.3.6.1.2.1.7.2udpNoPortsCounter32Tng s gi tin UDP c nhn vi khng c ng dng ti ch ti

1.3.6.1.2.1.7.3udpInErrorsCounter32S cc gi tin UDP c nhn nhng khng c gi do mt s l do khc ngoi vic khng y ng dng ti ch

1.3.6.1.2.1.7.4udpOutDatagramsCounter32 Tng s gi tin UDP gi t mt thc th

1.3.6.1.2.1.7.5udpTableSEQUENCE of UdpEntryMt chui cc i tng UDPEntry, mi port m hin ti ang m cho mt ng dng, ly a ch IP v s cng s dng bi ng dng

Bng 8.3-3 Qun l i tng trong module UDP MIB-2

8.3.3 SNMP iu hnh giao thc v nh x vn chuyn

Simple Network Management Protocol, giao thc qun l mng n gin, Version2 (SNMPv2) (RFC 1905) c s dng vn chuyn thng tin MIB (Management Information Base c s qun l thng tin) c quy nh trong SMI gia cc thc th qun l v cc tc nhn thc thi trn danh ngha ca cc thc th qun l. Tc dng c bn nht ca SNMP l trong mt ch hi p (request response) mt thc th qun l SNMPv2 gi mt yu cu ti mt tc nhn SNMPv2, tc nhn ny nhn c yu cu, sau thc hin mt s hnh ng v gi tr li li cho yu cu . Thng thng, mt yu cu s c s dng truy vn (ly li) hay thay i (t li) gi tr ca mt i tng MIB c lin kt vi mt thit b qun l. Tc dng c bn th 2 ca SNMP l khi mt tc nhn gi mt thng ip t nguyn, c bit n nh l mt thng ip by (trap message), ti mt thc th qun l. Thng ip by c s dng thng bo cho mt thc th qun l v mt tnh hung khc thng thay i kt qu trong gi tr ca i tng MIB. Chng ta thy trc trong chng 8.1 rng ngi qun tr mng c th mun nhn c mt thng ip by, ly v d, khi mt interface b down, s tc nghn t n mc c ci t sn link, hay mt vi tnh hung ng ch khc xut hin. lu rng s cn bng gia s gi (s tng tc hi-p) v s by l rt quan trng; xem xt nhng vn trong bi v nh.

Bng 8.3-4: SNMPv2 PDU types

Hnh 8.3-2: SNMP PDU formatSNMPv2 nh ngha 7 dng thng ip, c bit n mt cch tng qut l n v d liu giao thc Protocol Data Units PDUs, nh trn hnh 8.3-4. nh dng ca PDU c v trong hnh 8.3-2. Cc dng GetRequest, GetNextRequest, v GetBulkRequest PDUs u c gi t mt thc th qun l ti mt tc nhn yu cu gi tr ca mt trong nhiu i tng MIB ti thit b qun l ca tc nhn. Vic nhn din i tng ca cc i tng MIB cha cc gi tr c yu cu c quy nh trong phn lin kt gi tr ca PDU. GetRequest, GetNextRequest, v GetBulkRequest khc nhau tnh cht ca d liu m chng yu cu. GtReqest c th yu cu mt b ngu nhin cc gi tr MIB; cc lnh ghp GetNextRequest c th c dng thng qua tun t cc bng ca cc i tng MIB; GetBulkRequest cho php mt khi d liu ln c tr li, trnh t gy ra overhead nu nhiu thng ip GetRequest hay GetNextRequest c gi i. Trong c 3 trng hp, bn tc nhn phn hi li bng mt Response PDU cha nhn dng i tng v cc gi tr lin kt ca chng.

Thng ip SetRequest PDU c s dng bi thc th qun l t gi tr cho mt trong nhiu i tng MIB trong mt thit b qun l. Mt tc nhn phn hi li bng mt thng ip Response PDU vi trng thi li l noError xc nhn rng gi tr thc s c t.

Thng ip nformRequest PDU c s dng bi thc th qun l thng bo cho mt thc th qun l khc v thng tin MIB l t xa n cc thc th nhn. thc th nhn phn hi li bng mt thng ip Response PDU vi trng thi li l noError xc nhn rng nhn c thng ip InformRequest PDU.

Do tnh cht hi-p ca SNMPv2, iu ng ch y l mc d SNMP PDU c th c cha thng qua rt nhiu cc giao thc vn ti khc nhau, SNMP PDU thng thng c cha trong trng payload ca mt gi tin UDP. Thc vy, trong RFC 1906 ni rng UDP l php nh x vn chuyn a thch. Do UDP l mt giao thc vn chuyn khng tin cy, khng c g m bo rng mt yu cu, hay thng ip phn hi ca yu cu c th c nhn ti ch n nh. Trng Request ID ca PDU c s dng bi thc th qun l m s yu cu ti mt tc nhn; phn hi ca mt tc nhn nhn Request ID ca n t trng trong yu cu m n nhn c. Do , trng Request ID c th c s dng bi thc th qun l pht hin s mt mt cc yu cu hay cc thng ip phn hi. iu ty thuc vo thc th qun l la chn c hay khng truyn li mt yu cu nu nhn c mt thng ip phn hi khng tng ng sau mt khong thi gian. c bit, mt SNMP chun khng phi la chn truyn li bt k mt th tc ring bit no, hay c khi vic truyn li c thc hin xong ngay t u. N ch yu cu thc th qun l cn phi hnh ng c trch nhim i vi tn s v thi gian truyn li. iu ny tt nhin dn n cu hi rng nh th no mi l c trch nhim m mt giao thc cn phi c.

Dng cui ca SNMPv2 PDU l thng ip by. thng ip by c sinh ra khng ng b, tc l, khng phi phn ng li mt yu cu nhn c m l phn ng li mt s kin m thc th qun l yu cu khai bo. RFC 1907 nh ngha cc loi by ni ting bao gm mt s khi u lnh hoc nng bi mt thit b, mt lin kt i ln hay i xung, mt mt ngi hng xm hay s kin xc thc b tht bi. mt yu cu nhn c by khng yu cu phn hi t mt thc th qun l.

8.3.4 Bo mt v Qun tr

Ngi thit k ra SNMPv3 ni rng SNMPv3 chnh l SNMPv2 vi s b sung thm kh nng bo mt v qun tr. R rng, c nhng s thay i gia SNMPv3 v SNMPv2, tuy nhin khng u nhng thay i tr nn r rng hn trong lnh vc bo mt v qun tr.

Cng vi s trng thnh ca SNMP qua 3 phin bn, cc chc nng ca n cng pht trin tuy nhin cng vi n l khi lng khng l nhng ti liu lin quan. iu ny c chng minh bi thc t ngay c hin ti mt RFC ni rng m t mt kin trc mt t kt cu khung ca qun l SNMP. Trong khi nim v mt kin trc dng m t mt kt cu khung c th hi nhiu i vi mt ngi, mc ch ca RFC 2571 l gii thiu mt ngn ng chung mt t cc chc nng v hnh ng ca mt tc nhn hay mt thc th qun l SNMPv3. Cc kin trc ca mt thc th SNMPv3 l n gin, lt qua kin trc ny s gip chng ta cng c s hiu bit v SNMP.

Ci c gi l cc ng dng SNMP bao gm mt ng dng pht lnh, nhn thng bo v chuyn tip proxy (tt c u thng c tm thy trong mt thc th qun l); mt b p ng lnh v ng dng pht thng bo (c hai u thng c tm thy trong mt tc nhn); v kh nng ca cc ng dng khc. ng dng pht lnh to ra nhng GetRequest, GetNextRequest, GetBulkRequest v SetRequest PDU m chng ta xem xt chng 8.3.3 v x l cc phn hi nhn c cho cc PDU. B p ng lnh nm trong mt tc nhn x l cc thng ip nhn c v phn hi (s dng thng ip Response) ti cc thng ip GetRequest, GetNextRequest, GetBulkRequest v SetRequest PDU nhn c. Cc ng dng pht thng bo nm trong mt tc nhn to ra cc PDU by; nhng PDU ny cui cng c nhn v x l trong mt ng dng nhn thng bo ti mt thc th qun l. Sau ng dng chuyn tip proxy s chuyn tip nhng PDU yu cu, thng bo, v phn hi.

Mt PDU c gi bi mt ng dng SNMP thng qua ng c SNMP trc khi n c gi qua giao thc vn chuyn thch hp. Hnh 8.3-3 cho thy mt PDU c to ra bi cc ng dng pht lnh u tin i vo modun, ni m phin bn ca SNMP c xc nh. PDU ny sau c x l trong h thng x l thng ip, ni m PDU c gi trong mt thng ip header cha s hiu phin bn SNMP, mt ID cho thng ip v thng tin kch c ca thng ip. Nu m ha hay xc thc l cn thit th cc trng head thch hp vi thng tin ny cng c bao gm trong , xem RFC 2571 bit thm chi tit. Cui cng, thng ip SNMP (cc PDU ng dng c to ra cng vi thng tin v header ca thng ip) c chuyn ti giao thc vn chuyn thch hp. cc giao thc vn chuyn a thch mang thn gip SNMP l UDP (ngha l cc thng ip SNMP c mang nh payload trong mt gi tin UDP), v m s cng a thch cha SNMP l cng 161.

Hnh 8.3-3: SNMPv3 engine and applications

Ta thy, cc thng ip SNMP c s dng khng ch theo di, m cn iu khin (v d, thng qua lnh SetReqest) cc phn t ca mng. R rng, mt k nghe ln c th nh chn thng ip v/hoc to ra cc gi tin SNMP ring ca mnh vo trong c s h tng qun l c th tn ph trong mng. V vy, iu quan tng l thng ip SNMP c truyn i mt cch an ton. ng ngc nhin l ch trong nhng phin bn gn y, yu t an ton mi nhn c s ch xng ng. SNMPv3 cung cp s m ha, xc thc, s bo v chng li nhng tn cng playback ( c trong chng 7.2 v 7.5), v kim sot truy cp. Bo mt ca SNMPv3 c gi l an ninh da trn ngi s dng, trong c khi nim truyn thng ca mt ngi dng, nhn dng bng mt user name, vi nhng thng tin bo mt nh mt mt khu, gi tr ca kha, hay cc quyn truy cp c lin quan.

S m ha (Encryption), cc PDU SNMP c th c m ha bng Chun m ha d liu (Data Encrytion Standard DES) lu rng do DES l mt h thng chia s kha, cc kha b mt ca d liu c m ha phi c bit n bi cc n v nhn d liu c th gii m d liu.

S chng thc (Authenticatin), SNMP kt hp vic s dng mt hm bm, chng hn nh thut ton MD5 m chng ta nghin cu trong chng 7.5, vi mt gi tr kha b mt cung cp cho c xc thc v bo v chng gi mo. Cch tip cn, c gi l HMAC (Hashed Message Authentication Codes) RFC 2104, l khi nim n gin. Gi s ngi gi c PDU SNMP, m mun gi n ngi nhn. PDU ny c th c m ha ri. Gi s c ngi nhn v gi u bit kha b mt l K, m khng phi cng mt kha c s dng m ha. Ngi gi s gi mt gi tr m cho ngi nhn. Tuy nhin, thay v gi cng mt MIC n gin l MIC(m), m c tnh thng qua m (xem li chng 7.5.2) bo v chng gi mo, ngi gi gn thm cc kha b mt c chia s ti m v tnh ton mt MIC, MIC(m,k) da trn s kt hp ca PDU v kha. Gi tr MIC(m,k) (nhng khng phi kha b mt) sau c chuyn i cng vi m. Khi ngi nhn nhn c gi tr m, n c gn thm kha b mt K v tnh MIC(m,k). Nu gi tr c tnh ton ny trng vi gi tr c truyn ti ca MIC(m,k) th ngi nhn s bit c rng khng ch thng ip c gi i m khng b nghe ln, m cn bit c ngi gi cng bit gi tr ca K, tc l, bi mt ngi ng tin cy, v c xc thc, l ngi gi. Trong thao tc, HMAC thc s thc hin ni v bm hai ln (append-and-hash), s dng mt cht thay i trong gi tr thi gian mi kha, xem RFC 2104 bit thm chi tit.

S bo v chng playback, trong kch bn SNMPv3, ngi nhn thng ip mun m bo rng thng ip nhn c khng b pht li bi mt s tin nhn trc . m bo iu ny, ngi nhn yu cu ngi gi km theo mt ta tr trong mi thng ip da trn mt hm m nm pha ngi nhn. Hm m ny, vi chc nng nh trn, phn nh s lng thi gian k t khi khi ng li ln cui cng ca phn mm qun l mng bn pha ngi nhn v tng s ln khi ng li k t ln cui cng phn mm ny c cu hnh. Min l hm m ti thng ip nhn c nm tron gsoos l cc li t gi tr thc t ca ngi nhn, thn gip c chp nhn nh mt thng ip khng b pht li, lc ny c th c xc thc v/hoc gii m. Xem RFC 2574 bit thm chi tit.

Kim sot truy cp (Access Control), SNMPv3 cung cp mt ci nhn da trn iu khin truy cp (RFC 2575) c diu khin m mng thng tin qun l c th c truy vn v/hoc thit lp bi ngi dng. Mt thc th SNMP gi thng tin v quyn truy cp v chnh sch trong mt kho d liu cu hnh a phng (Local Cniguration Datastore LCD). Cc phn ca LCD l c th truy cp c nh cc i tng qun l, c nh ngha ti gc nhn da trn cu hnh m hnh kim sot truy cp MIB (RFC 2575) v do c th c qun l v thao tc t xa thng qua SNMP.

Tham kho[IANA 1999] Internet Assigned Number Authority homepage, http://www.iana.org/

[IANA 1999b] Internet Assigned Number Authority, Private Enterprise Numbers, ftp://ftp.isi.edu/in-notes/

HYPERLINK "file:///D:/Downloads/Livros/computao/Computer%20Networking/Computer%20Networking%20A%20Top-Down%20Approach%20Featuring%20the%20Internet/enterprise-numbers"iana/assignments/enterprise-numbers

[ISO 1987] Information processing systems - Open Systems Interconnection - Specification of Abstract Syntax Notation One (ASN.1), International Organization for Standardization. International Standard 8824, (December, 1987). [ISO X.680] X.680 : ITU-T Recommendation X.680 (1997) | ISO/IEC 8824-1:1998, Information Technology8.5 FirewallsVi ng c thc y s cn thit ca an ninh m chng ta cp trong Chng 7, chng ti ghi nhn rng Internet khng phi l "a im" an ton c rt nhiu k xu " Internet" v t nhp vo cc mng li mc bo ng (Trong mt bn tm tt cc cuc tn cng c bo co,xem Trung tm iu phi CERT [CERT 1999]; c gn 300 cuc tn cng c bit n, iu chng ti mun cp y l bc tng la, c thit k ngn chn, xem [Newman 1998]).Kt qu l, cc qun tr vin mng phi khng ch c quan tm vi vic gi cc bit chy thng sut thng qua mng li ca h, m cn phi m bo c s h tng mng ca h t cc mi e da bn ngoi.Chng ta bit rng SNMPv3 cung cp xc thc, m ha v kim sot truy cp bo m cc chc nng qun l mng.Trong khi iu ny l quan trng (chc chn, cc qun tr mng khng mun ngi khc c truy cp vo chc nng qun l mng), tuy nhin n ch l mt phn nh trong cc mi quan tm an ninh mng ca nh qun tr.Ngoi vic theo di v kim sot cc thnh phn ca mng, nh qun tr mng cng mun loi tr lu lng truy cp khng mong mun (tc l, nhng k xm nhp) t cc mng li qun l.y l ni a cc bc tng la vo. bc tng la l mt s kt hp gia phn cng v phn mm c tch ra t mng ni b ca mt t chc n t mng Internet rng ln, cho php cc kt ni c th vt qua v ngn chn nhng mng khc.T chc s dng cc tng la v mt hoc nhiu l do sau y:

ngn chn nhng k xm nhp can thip vo nhng hot ng thng nht ca mng ni b.i th cnh tranh ca mt t chc - hoc ch mt s cc prankster(k xu) trn Internet tm kim mt thi gian tt - c th tn ph trn mt mng khng c bo m.Trong cuc tn cng t chi dch v, k t nhp c quyn mt ngun ti nguyn mng quan trng, bt mng ni b phi thua cuc.Mt v d v mt cuc tn cng t chi dch v - ci gi l SYN flooding, trong c mt k tn cng gi gi mo kt ni TCP- thit lp cc segment n mt my ch c th.My ch thit lp b m bn ngoi cho mi kt ni, v trong vng vi pht khng gian b m khng cn cho cc kt ni TCP tht".- ngn chn nhng k xm nhp t xa, sa cha thng tin c lu tr trong mng ni b.V d, k tn cng c th c gng can thip vo b mt ca mt t chc cng khai trn mt my ch Web - mt cuc tn cng thnh cng c th c nhn thy bi hng nghn ngi trong vi pht.K tn cng cng c th c th c c thng tin th khch hng t cc my ch Web cung cp thng mi Internet(xem Phn 7,7).- ngn chn nhng k xm nhp t nhn c thng tin b mt.Hu ht cc t chc c thng tin b mt c lu tr trn my tnh.Thng tin ny bao gm b mt thng mi, k hoch pht trin sn phm, chin lc tip th, nhn vin h s c nhn, v phn tch ti chnh.Mt tng la n gin bao gm mt b lc gi tin.Cc tng la tinh vi hn bao gm s kt hp ca cc b lc gi tin v cc cng ng dng.8.5.1 Packet Filtering Lc gi tinMt t chc thng c mt router kt ni mng ni b ca mnh n ISP ca n (v t vo Internet).Tt c lu lng truy cp c ra/ vo mng ni b thng qua router ny.Hu ht cc nh sn xut router cung cp cc la chn cho vic lc; khi cc la chn ny c bt ln, router s tr thnh mt b lc thm vo mt b nh tuyn.Nh tn ca n, b lc cho php mt s datagram i qua cc b nh tuyn v lc ra cc datagrams khc.Cc quyt nh lc thng da trn:-a ch IP d liu (gi s) n .-Cc a ch IP ch.-Ngun TCP hoc UDP v cng ch.- Loi thng ip ICMP .- Khi to kt ni datagram s dng ACK bit TCP.Nh mt v d n gin, b lc c th c thit lp chn tt c cc segment (phn on )UDP v tt c cc kt ni Telnet.Nh mt cu hnh ngn cn ngi bn ngoi ng nhp vo my ch ni b bng cch s dng Telnet, ngi trong ni b ng nhp vo my ch bn ngoi bng cch s dng Telnet, v lu lng UDP k l ra/vo mng ni b. B nh tuyn lc lu lng UDP bng cch chn tt c cc datagram c trng giao thc c thit lp l 17 (tng ng vi UDP); n lc tt c cc kt ni Telnet bng cch chn tt c cc segment (phn on) TCP (mi phn on c ng gi trong mt datagram) c ngun hoc s cng ch l 23 (tng ng vi Telnet).Lc lu lng UDP l mt nguyn tc ph bin cho cc tp on - gy tht vng nhiu dn u cc nh cung cp m thanh v video trc tuyn, c dng sn phm trn UDP ch mc nh.Lc cc kt ni Telnet cng rt ph bin, v n ngn cn nhng k xm nhp t bn ngoi ng nhp vo cc my ni b.Mt nguyn tc lc cng c th da trn s kt hp ca a ch v s cng.V d, router c th chuyn tip tt c cc gi tin Telnet (port 23), ngoi tr nhng gi i v n t mt danh sch c th cc a ch IP.Nguyn tc ny cho php cc kt ni Telnet n v i t cc host trn danh sch.N t hiu rt cao - loi b tt c datagrams m c a ch ngun IP ni b - tc l, cc gi tin t xng n t cc host ni b nhng thc s li n t bn ngoi. Nhng gi d liu l mt phn ca cuc tn cng gi mo a ch, trong k tn cng gi danh n t mt my tnh ni b.Tht khng may, trn c s cc nguyn tc ca cc a ch bn ngoi khng cung cp bo v t mt my ch lu tr bn ngoi t xng l mt my ch khc bn ngoi.

Lc cng c th da vo c hay khng bit ACK TCP c thit lp.Th thut ny kh hu ch nu mt t chc mun cho khch hng ni b ca n kt ni vi my ch bn ngoi, nhng mun ngn chn khch hng t bn ngoi kt ni vi my ch ni b.Nh li t Phn 3.4 rng cc phn on u tin trong mi kt ni TCP c bit ACK t thnh 0 trong khi tt c cc phn on khc trong kt ni c bit ACK thit lp 1.V vy, nu mt t chc mun ngn chn khch hng t bn ngoi bt u kt ni n my ch ni b , n ch n gin l lc tt c cc phn on n vi bit ACK t thnh 0.Nguyn tc ny git cht tt c cc kt ni TCP c ngun gc t bn ngoi, nhng cho php kt ni c ngun gc ni b. By gi gi s mt t chc khng mun chn tt c cc kt ni c ngun gc t bn ngoi, thay vo n ch mun chn cc kt ni Telnet c ngun gc t bn ngoiLm th no c th lc hon thnh nhim v ny? xem cch cc b lc x l ny, chng ta hy xem cch cc trng c thit lp cho cc kt ni Telnet Telnet c ngun gc ni b v kt ni ngun gc bn ngoi (Bng 8.5.1):

Bng 8.5-1: Cc trng tiu trong v ngoi cc kt ni TelnetP v q trong bng trn l cc s cng (> 1023) giao cho cc my client (xem Phn 3.1).T biu ny, chng ti thy rng cc b lc c th chn cc kt ni Telnet c ngun gc t bn ngoi bng cch chn cc gi tin inbound (a ch ngun bn ngoi v a ch ch ni b) vi cng ch 23 , hoc bng cch chn cc gi tin gi i (a ch ngun v a ch ch ni b bn ngoi) vi cng ngun23.8.5.2 ng dng GatewaysB lc cho php mt t chc thc hin lc th, lc trn cc tiu IP v TCP / UDP , bao gm c cc a ch IP, s cng v cc bit xc nhn.V d, lc da trn s kt hp cc a ch IP v s cng c th cho php khch hng ni b n Telnet bn ngoi trong khi ngn cn cc khch hng bn ngoi dng Telneting bn trong.Nhng nu mt t chc mun cung cp cc dch v Telnet n mt s tp hn ch nhng ngi dng ni b?nhim v nh vy l vt qu kh nng ca mt b lc.Tht vy, thng tin v danh tnh ca ngi dng ni b khng c bao gm trong tiu IP / TCP / UDP ,m thay v trong cc d liu tng ng dng. c mt mc bo mt tt hn, cc bc tng la phi kt hp cc b lc gi tin vi cc cng ng dng.ng dng cc cng nhn vt ra ngoi tiu IP / TCP / UDP v thc s a ra cc quyt nh v nguyn tc da trn d liu tng ng dng.Mt cng ng dng l mt my ch ng dng c th thng qua tt c d liu ng dng (trong v ngoi ) phi vt qua.Nhiu cng ng dng c th chy trn cng mt my ch, nhng mi cng l mt server ring bit vi cc tin trnh ring ca mnh. c c mt ci nhn su vo cng ng dng, hy thit k mt bc tng la cho php ch mt s gii hn cc ngi s dng ni b Telnet bn ngoi v ngn chn tt c cc khch hng bn ngoi t Telneting bn trong.Nguyn tc nh vy c th c thc hin bng cch thc hin mt s kt hp ca mt b lc gi tin (trong mt b nh tuyn) v mt cng ng dng Telnet, nh trong hnh 8,51.B lc c cu hnh chn tt c cc kt ni Telnet ngoi tr nhng kt ni bt ngun a ch IP ca gateway ng dng.Nh mt cu hnh b lc to ln tt c cc kt ni Telnet ra ngoi u i qua cng ng dng.Khi mt ngi dng ni b mun Telnet vi th gii bn ngoi, ln u tin n s thit lp mt phin Telnet vi gateway.Gateway s nhc ngi s dng cho id ngi dng v mt khu ca mnh; khi ngi s dng cung cp thng tin ny, kim tra ca xem ngi s dng cho php Telnet n vi th gii bn ngoi cha?.Nu nu cha, ca chm dt phin Telnet.Nu ngi s dng c s cho php, sau cc cng (1) s nhc ngi dng cho tn my ca my ch bn ngoi m ngi dng mun kt ni, (2) thit lp mt phin Telnet gia gateway v my ch lu tr bn ngoi, (3) chuyn tipcho cc my ch bn ngoi tt c cc d liu n t ngi s dng, v chuyn tip cho ngi s dng tt c cc d liu n t cc my ch bn ngoi.Do , cng ng dng Telnet khng ch thc hin y quyn ngi dng m cn cng hot ng nh mt my ch Telnet v mt khch hng Telnet.Lu rng b lc ny s cho php bc (2) v cc cng ng dng khi to kt ni Telnet.

Hnh 8,5-1: Firewall bao gm mt cng ng dng v b lc mt.Mng ni b thng c nhiu cng ng dng, v d, cc cng cho Telnet, HTTP, FTP v e-mail.Trong thc t, my ch mail ca t chc (xem mc 2.4) v b nh m Web (xem Phn 2,9) l cng ng dng.Cc cng ng dng khng n phi l khng c nhng bt li.Trc tin, bn cn c mt cng ng dng khc nhau cho mi ng dng, m i hi phi ci t v cu hnh mt my ch mi cho mi ng dng.Th hai, hoc:- Phn mm my khch phi bit lm th no lin lc vi ca ng thay v my ch bn ngoi khi ngi dng to ra mt yu cu, v phi bit lm th no k nhng g bn ngoi cng kt ni vi my ch;-Hoc ngi dng r rng phi kt ni n my ch bn ngoi thng qua gateway.Chng ti kt lun phn ny bng cch cp l bc tng la khng c ngha l mt thuc cha bch bnh cho tt c cc vn an ninh.H gii thiu mt s cn bng gia cc mc giao tip vi th gii bn ngoi v mc an ninh.Bi v cc b lc khng th ngn chn gi mo a ch IP v s port, cc b lc thng s dng mt nguyn tc v d nh cm tt c lu lng UDP.Gateway c th c li phn mm, cho php k tn cng xm nhp chng.Ngoi ra, tng la hoc thm ch t hiu qu nu ngi dng ni b c giao tip khng dy vi th gii bn ngoi.i vi nhng l do ny v nhng ngi khc, tng la vn cn gy tranh ci, vi nhiu chuyn gia bo mt v qun tr mng th vic s dng chng l min cng .

Tham khoHai ti liu tham kho tuyt vi l [Chapman 1995] [Cheswick 1994].c gi cng nn c nhng trang web cho cc nh sn xut chnh ca bc tng la (v d, [Checkpoint 1999]).[Cert 1999] CERT, "CERT Summaries," http://www.cert.org/summaries/

[Chapman 1995] D.E. Chapman and E.D. Zwicky, "Building Internet Firewalls," O'Reilly and Associates, Sebastopol, CA, 1995

[Cheswick 1994] W.R. Cheswick and S. M. Bellovin, "Firewalls and Internet Security," Addison- Wesley, Reading, MA, 1994.

[Checkpoint 1999] Checkpoint Software Technologies Ltd. homepage, http://www.checkpoint.com

[Newman 1998] D. Newman, H. Holzbar, M. Carter, "Firewalls: Tough Enough", Data Communications Magazine, April, 1998.

.8.6 Tm ttNghin cu ca chng ta v qun l mng, v thc s l tt c ca mng my tnh, hon tt! Trong chng cui cng ny v qun l mng, chng ta bt u bng cch thc y s cn thit phi ca vic cung cp cc cng c thch hp cho cc nh qun tr mng - nhng ngi m cng vic ca h l gi cho mng li "ln v chy - theo di, kim tra, kim sot vng, cu hnh, phn tch, nh gi v kim sot hot ng ca mng. S tng t ca chng ta vi vic qun l cc h thng phc tp nh cc nh my in, cc my bay, v t chc ca con ngi gip thc y nhu cu ny. Chng ta thy rng kin trc ca cc h thng qun l mng xoay quanh nm thnh phn ch cht - (i) mt ngi qun l mng, (ii) mt tp cc thit b qun l t xa (t ngi qun l mng), (iii) cc c s thng tin qun l (MIBs) ti cc thit b ny, cha d liu v trng thi v hot ng ca thit b, v (iv) cc tc t t xa nhng ci m thng bo co thng tin MIB v a ra hnh ng di s kim sot ca ngi qun l mng, v (v) mt giao thc giao tip gia ngi qun l mng v cc thit b t xa. Sau chng ta i su vo cc chi tit ca Internet Network Management Framework, v giao thc SNMP ni ring. Chng ta thy lm th no SNMP cha nm thnh phn chnh ca mt kin trc qun l mng, v dnh thi gian ng k cho vic nghin cu cc i tng MIB, SMI - ngn ng nh ngha d liu cho MIB c th, v bn thn giao thc SNMP. Cn ch rng SMI v ASN.1 l gn kt cht ch vi nhau, v rng ASN.1 ng mt vai tr quan trng trong tng trnh din ca m hnh tham chiu by lp ISO/OSI, sau chng ta dnh thi gian ngn nghin cu v ASN.1. C l quan trng hn cc chi tit ca bn thn ASN.1, l lu cn cung cp vic bin dch gia cc nh dng d liu theo my trong mt mng. Trong khi m hnh tham chiu ISO/OSI tha nhn r rng s quan trng ca dch v ny bng s tn ti ca tng trnh din, chng ta lu rng tng ny l vng mt trong chng giao thc Internet. Cui cng, chng ta kt thc chng ny vi mt cuc tho lun v tng la - mt ch m nm trong cc lnh vc ca c bo mt v qun l mng. Chng ta thy c cch thc lc gi tin v cc cng mc ng dng c th c dng cung cp cho mng mt s mc bo v chng li nhng k xm nhp khng mong mun, c th cho php ngi qun l mng c th ng ngon hn vo ban m, khi bit mng l tng i an ton t nhng k xm nhp. Cng ng phi ch rng c nhiu ti trong qun l mng m chng ta khng chn nhc n trong ch ny nh xc nh li v qun l, ch ng pht hin bt thng, s tng quan bo hiu, v cc vn ln hn ca qun l dch v (v d, ngc vi qun l mng ). V quan trng, nn cc ch ny s hnh thnh mt ti liu theo ng ngha ca chng v chng ta s ch c tham kho c lu trong phn 8.1.Chng 8: Bi v nh

Cc cu hi n tp1) a ra nm trng hp gii thch ti sao mt ngi qun l mng s c hng li t vic c cc cng c qun l mng. 2) Trong nm lnh vc qun l mng theo quy nh ca ISO l g? 3) S khc bit gia qun l mng v qun l dch v l g? 4) Xc nh cc thut ng di y: qun l thc th, thit b qun l, tc t qun l, MIB, giao thc qun l mng. 5) Vai tr ca SMI trong qun l mng l g? 6) Mc ch ca cy nh danh i tng ASN.1 l g? 7) Mt khc bit quan trng gia mt thng ip p ng yu cu v mt thng ip by trong SNMP l g? 8) By loi thng ip c s dng trong SNMP l g? 9) Mt cng c SNMP ngha l g? 10) Vai tr ca ASN.1 trong tng trnh din ca m hnh tham chiu ISO / OSI l g? 11) Mng Internet c tng trnh din khng? Nu khng, lm th no cc lin quan v s khc bit trong kin trc my tnh c gii quyt, v d nh, vic biu din cc s nguyn khc nhau trn cc my khc nhau? 12) M ho TLV ngha l g? 13) S khc bit gia phng php s dng mt b lc v s dng mt cng mc ng dng trong tng la l g? Cc vn 1) Hy xem xt hai cch trong giao tip xy ra gia mt thc th qun l v mt thit b qun l: Di dng yu cu-phn ng v by. Nhng u im v nhc im ca hai phng php trn, theo quan im (i) trn, (ii) thng bo thi gian khi s kin c bit xy ra (iii) chu ng c vi cc tin nhn b mt gia cc thc th qun l v thit b?2) Trong phn 8.3 chng ta thy rng s thch hp hn vn chuyn cc thng ip SNMP trong cc datagram UDP khng tin cy. Ti sao bn ngh rng cc nh thit k SNMP li chn UDP ch khng phi l TCP nh l giao thc vn ti c la chn cho SNMP? 3) nh danh i tng ASN.1 cho giao thc ICMP l g (xem Hnh 8.3.1)? 4) Hy xem xt Hnh 8.4-4. M ha BER ca {weight, 271} {lastname, Jackson} l g?Cc cu hi tho lun1) Ngoi cc tng t nh bung li my bay v nh my in, cc tng t khc ca mt h thng phn tn phc tp m cn phi c kim sot l g?2) Xem xt trng hp vn hnh trong Hnh 8.1-1. Nhng hot ng no khc m bn ngh l mt ngi qun tr mng c th mun theo di l g? Ti sao?3) c RFC 789. Lm th no c th trnh c vic ARPAnet sp vo nm 1980 (hoc n gin l phc hi ca n) nu cc nh qun l ca ARPAnet c c cc cng c qun l mng ngy nay?4) Vit mt trang bo co v trin vng ca in thoi Internet trn th trng.5) Vn cung cp cc m bo QoS c th c gii quyt n gin bng cch "nm bng thng" ti cc vn , tc l, bng cch nng cp tt c cc nng lc lin kt cc hn ch bng thng khng cn l mi quan tm hay khng?6) Mt th trng mi xut hin th v s dng in thoi Internet v mng LAN tc cao ca mt cng ty thay th cho PBX ca cng cng ty (trao i chi nhnh t nhn). Vit mt trang bo co v vn ny. Bao gm cc cu hi sau y trong bo co ca bn:(a) Mt PBX truyn thng l g? Ai s dng chng?(b) Xem xt mt cuc gi gia mt ngi s dng trong cng ty v mt ngi s dng khc ngoi cng ty, ngi c kt ni bng mng in thoi truyn thng. Nhng loi cng ngh no l cn thit ti cc giao din gia mng LAN v mng in thoi truyn thng?(c) Ngoi cc phn mm in thoi Internet v giao din ca cu hi (b), nhng g khc lcn thit thay th cho PBX?7) Hy xem xt bn "tr ct" ca vic cung cp QoS h tr ti Phn 6.5. M t cc trng hp, nu c, theo mi tr ct c th b loi b.8) S dng Web tm ba cng ty sn xut cc gatekeeper H.323. M t sn phm ca h.