Network Management

Submitted by sylvia.wong@up… on Mon, 06/27/2022 - 18:36

At the end of this topic, you will learn about:

  • What network management is, its requirements and its evolution.
  • The Network Management System (NMS) and its components: the network management station, managed devices, agents, the management database (MIB) and the network management protocol.
  • Network management protocols (SNMP).
  • ISO network management categories.
  • Network monitoring tools, including proprietary and open-source network monitoring tools.
Sub Topics

‘The network was originally small and local. The job of network managers then included:

  • Installation (e.g., attach PCs, printers, etc. to LAN)
  • Configuration (e.g., configuring network interface cards, the protocol stack, users’ applications, shared printers, etc.)
  • Testing (mere pinging was sufficient to “manage” the network)
  • Managing devices such as bridges, routers, etc.

GUIs are considered more user-friendly than command-line interfaces because they use visual elements that are easy to recognize and use. Users can easily navigate through the software, perform tasks, and access information.

The job was manageable, and the network manager could take on a lot of responsibilities.

Today, networks are larger and more complex than they used to be decades ago. The responsibility of network managers has evolved and become more complex.’ [16]

Responsibilities of network managers

Network management tends to involve configuration (hardware and software), ongoing maintenance and testing (looking for issues, and for ways to do things better).

For example, how do we optimise network performance? How do we manage failures and network changes? How do we extend network capacity? How do we account for network usage? And how do we solve network security issues? In the past, a single network manager could have handled all of these duties. As networks have grown more complicated, network management has been broken into various specialities, including system administration, network administration and cyber security.

Because networks are large, complex, and continue to grow rapidly, the task of administering a network now involves juggling a variety of hardware, software, and networking technologies. More efficient methods of configuring, monitoring, acquiring network data, and operating network infrastructures are therefore required. Most of these procedures can be automated to simplify things for network administrators.

Network management is the process of controlling a complex network to maximize its efficiency and productivity.

It includes the deployment, integration and coordination of the hardware, software and human elements to monitor, test, poll, configure, analyse, evaluate and control the network resources, so as to meet real-time operational performance and Quality of Service requirements at a reasonable cost.’ [17]

The overall goal of network management is to help with the complexity of a network and to ensure that data can go across it with maximum efficiency and transparency to the users.

Network management is mostly a combination of local and remote configuration and management with software.

Remote network management is accomplished when one computer is used to monitor, access, and control the configuration of other devices on the network.


Network Management Architecture

‘Most network management architectures follow the same basic structure and set of relationships. Diagram 1 illustrates the basic structure and components of a typical network management architecture. The functions of the components are described as follows:’ [18]

  • End Stations (or Managed Devices): the devices (workstations, client machines, routers, switches, hubs, bridges) to be monitored and/or controlled. A managed device may contain several managed objects. Managed devices run agent software that lets them send alerts when they recognise problems; a problem is recognised when one or more user-defined thresholds are exceeded.
  • Agents: software modules that compile information about the managed devices in which they reside, store it in the Management Information Base (MIB), or management database, and give management entities within the network management system access to that information (the device’s parameters) through a network management protocol.


Diagram 1: Managed devices / End Stations 

  • Management Entities: the devices used by the manager or administrator to carry out network management tasks. They could be a PC, notebook, terminal, etc., within the network management system, and they use the network management protocol to interact with the end stations. Upon receiving alerts from the managed devices, the management entities are programmed to react by executing one, several or a group of actions, including:
    • Operation notification
    • Event logging
    • System shutdown
    • Automatic attempts at system repair
      Management entities can also poll end stations to check the values of certain variables. The polling process can be automatic or end-user initiated.
  • Network Management System (NMS) does the job of visualizing, displaying, and analyzing data from management agents.

Network Management Protocol

This is the set of rules that coordinates the interaction between the management entity and the managed devices.

  • The management entity can query the status of the managed devices and take actions on/at the devices via its agents
  • Agents can use the protocol to inform the management entity of exceptional events
  • Popular examples of network management protocols are the Simple Network Management Protocol (SNMP), covered in a later section, and the Common Management Information Protocol (CMIP).
  • The managing entity periodically queries the agents located on the managed devices through the network management protocol.

It is important to note that the network management protocol does not manage the network. Instead, it provides capabilities that a network administrator can use to manage (“monitor, test, poll, configure, analyse, evaluate, and control”) the network.

Network Management Proxies: These entities provide management information on behalf of other entities.

ISO Network Management Model

The International Organization for Standardization (ISO) network management model defines five functional areas of network management. This model is the primary means for understanding the major functions of a network management system. The five functional areas are listed below:

  • Fault Management
  • Configuration Management
  • Performance Management
  • Security Management
  • Accounting Management.

Each functional area is described in detail in the following subsections:

Fault Management:

  • Fault management captures the process of locating faults and problems on the data network. It involves several steps:
    • Detecting the fault
    • Determining the location of the fault
    • Notifying the user of the extent of the fault
    • Isolating the fault from the rest of the network so that the network can continue to function
    • Reconfiguring or modifying the network in such a way as to minimise the impact
    • Automatically fixing the failed components through repair or replacement so that the network can keep running effectively
    • Testing network functionality, including connectivity, data integrity and response time
    • Documenting the problem’s detection and resolution

Table 1: Fault Management Sub-Categories

Sub-categories and their metrics
Prioritization
  • Prioritize faults in the order in which they should be addressed
  • Use in-band management packets to learn about important faults.
  • Identify which fault events should cause messages to be sent to the manager.
  • Identify which devices should be polled and at what intervals.
  • Identify which device parameter values should be collected and how often.
  • Prioritize which messages should be stored in the manager’s database.
Timeliness Required
  • Management Station is passive and only receives event notifications.
  • Management Station is active and polls for device variable values at required intervals.
  • Application periodically requests a service from a service provider.
Physical Connectivity Testing
  • Using a cable tester to check that links are not broken.
Software Connectivity Testing
  • Using an application that makes a request of another device that requires a response.
  • The most common application for this is ping (ping.exe on Windows). It uses the Internet Control Message Protocol (ICMP) to send Echo Request messages to a selected device on a TCP/IP network and waits for the Echo Replies.
  • Application on one device makes a request of an application on another device.
Device Configuration
  • Devices are configured conservatively to minimize chances of dropped packets.
SNMP Polls
  • Devices are periodically polled to collect network statistics.
Fault Reports Generated
  • Thresholds configured and alarms generated.
  • Text media used for report.
  • Audio media used for report.
  • A color graphical display used to show down devices.
  • Human manager is notified by pager.
Traffic Monitored
  • Remote Monitors used.
  • Protocol analyzers used.
  • Traps sent to Network Management Station.
  • Device statistics monitored.
Trends
  • Graphical trends generated to identify potential faults [19]

Table 1 describes some metrics used to measure the performance of the various fault management sub-categories.

Central to the definition of fault management is the fundamental concept of a fault. Faults are to be distinguished from errors. A fault is an abnormal condition that requires management attention (or action) to repair.

A fault is usually indicated by failure to operate correctly or by excessive errors. For example, if a communications line is physically cut, no signals can get through. Or a crimp in the cable may cause wild distortions so that there is a persistently high bit error rate. Certain errors (e.g., a single bit error on a communication line) may occur occasionally and are not normally considered to be faults. It is usually possible to compensate for errors using the error control mechanisms of the various protocols.

‘The goal of fault management is to detect, log, notify users of, and (to the extent possible) automatically fix network problems to keep the network running effectively. Because faults can cause downtime or unacceptable network degradation, fault management is perhaps the most widely implemented of the ISO network management elements.’ [20]

Configuration Management

  • The configuration of certain network devices controls the behaviour of the network.
  • Configuration management is concerned with the configuration aspects of network devices, such as configuration file management, inventory management, and software management. It is the process of finding and setting up (configuring) devices in the network.
  • In general, the goal of configuration management is to monitor network and system configuration information so that the effects on network operation of various versions of hardware and software elements can be tracked and managed.
  • Configuration management involves the following steps:
    • Installation of new hardware/software
    • Tracking of changes in control configuration
    • Who, what and why?
    • Revert/Undo changes
    • Change management
    • Configuration audit
    • Does it do what was intended?

Table 2: Configuration Management Sub-Categories

Sub-categories and their metrics
Configuration (Local)
  • Choice of medium access protocol.
  • Choice of correct cabling and connectors.
  • Choice of cabling layout.
  • Determining the number of physical interfaces on devices.
  • Setting device interface parameter values.
  • Interrupts.
  • I/O Addresses.
  • Network layer addresses (e.g., IP, NetWare, etc.).
  • Configuration of multiport devices (e.g. hubs, switches and routers).
  • Use of the Windows Registry.
  • Comparing current versus stored configurations.
  • Checking software environments.
  • SNMP service.
Configuration (Remote)
  • From the network management station.
  • Disabling device ports.
  • Redirecting port forwarding.
  • Disabling devices.
  • Configuring routing tables.
  • Configuring security parameters such as community strings and usernames.
  • Configuring addresses of management stations to which traps should be sent.
  • Verifying integrity of changes
Configuration (Automated)
  • Using the Dynamic Host Configuration Protocol (DHCP) to configure IP addresses.
  • Using Plug and Play enabled NICs for automatic selection of interrupts and I/O addresses.
  • Domain Name Services (DNS) addresses.
  • Trap messages from agents.
Inventory (Manual)
  • Maintaining records of cable runs and the types of cables used.
  • Maintaining device configuration records.
  • Creating network database containing for each device:
    • Device types.
    • Software environment for each device
    • Operating systems.
    • Utilities, drivers, applications versions.
    • configuration files.
    • vendors contact information.
    • IP address
    • Subnet address
Inventory (Automated)
  • Auto-discovery of devices on the network using an NMS.
  • Auto-determination of device configurations using an NMS.
  • Creation of a network database.
  • Auto-mapping of current devices to produce a network topological map.
  • Accessing device statistics using an NMS and the Desktop Management Interface (DMI)

Table 2 above describes some metrics used to measure the performance of the various configuration management sub-categories.

Configuration management subsystems store configuration information in a database for easy access. When a problem occurs, this database can be searched for clues that might help solve the problem.
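The “comparing current versus stored configurations”, “verifying integrity of changes” and “configuration audit” items above come together in a small drift check. The following is an added example written for this page, not code from any NMS product: it fingerprints a stored (golden) configuration, diffs the running configuration against it, and flags changed lines that trip a hypothetical rule set. The two configurations and the rules are constructed and modelled loosely on a generic router CLI; none of the hostnames, addresses or community strings are real.

```python
"""Configuration audit: compare a stored (golden) configuration with the running one,
verify integrity with a hash, and flag security-relevant changes.

Constructed example for this page; not an NMS product's code. Both configurations
and the rule set below are made up."""
import difflib
import hashlib
import re

# Stored ("golden") configuration as archived by the management station (constructed).
GOLDEN_CONFIG = """\
hostname edge-rtr-01
snmp-server community n3tm0n-ro RO 10
snmp-server host 10.0.0.20 version 3 auth nmsuser
logging host 10.0.0.21
ntp server 10.0.0.22
line vty 0 4
 transport input ssh
"""

# Running configuration pulled from the device later (constructed), showing drift.
RUNNING_CONFIG = """\
hostname edge-rtr-01
snmp-server community n3tm0n-ro RO 10
snmp-server community private RW
snmp-server host 10.0.0.20 version 3 auth nmsuser
logging host 10.0.0.21
line vty 0 4
 transport input ssh telnet
"""

# Hypothetical review rules applied to every changed line: pattern -> reason.
RISK_RULES = [
    (re.compile(r"^snmp-server community \S+ RW\b"), "read-write SNMP community string"),
    (re.compile(r"^snmp-server community (public|private)\b"), "default community string"),
    (re.compile(r"^\s*transport input .*\btelnet\b"), "clear-text management access enabled"),
    (re.compile(r"^ntp server"), "time source changed (log timestamps depend on it)"),
]

def fingerprint(config):
    """SHA-256 over the normalised text: detects any change at all, and lets the stored
    copy be checked for tampering without shipping the whole file around."""
    normalised = "\n".join(line.rstrip() for line in config.strip().splitlines())
    return hashlib.sha256(normalised.encode()).hexdigest()

def config_diff(golden, running):
    """Only the +/- lines of a unified diff (headers and hunk markers dropped)."""
    diff = difflib.unified_diff(golden.splitlines(), running.splitlines(),
                                fromfile="golden", tofile="running", lineterm="", n=0)
    return [l for l in diff
            if (l.startswith("+") or l.startswith("-")) and not l.startswith(("+++", "---"))]

def audit(golden, running):
    """Return drift status, the changed lines, and those that trip a risk rule."""
    changed = config_diff(golden, running)
    findings = [(line, reason) for line in changed
                for pattern, reason in RISK_RULES if pattern.search(line[1:])]
    return {"drifted": fingerprint(golden) != fingerprint(running),
            "changed_lines": changed, "findings": findings}

if __name__ == "__main__":
    result = audit(GOLDEN_CONFIG, RUNNING_CONFIG)
    print("drift detected:", result["drifted"])
    for line, reason in result["findings"]:
        print(f"  {line:45} <- {reason}")
```

The hash answers “did anything change?” cheaply and can be compared against the archived copy; the diff answers “what changed?”; the rules answer “does it still do what was intended?”, the audit question in the list above. A removed line (the NTP server here) is as important as an added one.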

Performance Management

  • Performance management involves measuring the performance of network hardware, software, and media.
  • The goal of performance management is to monitor, measure and make available various aspects of network performance so that inter-network performance can be maintained at an acceptable level.
    • Examples of performance variables that might be provided include throughput, availability, user response times and line utilisation. Table 3 below shows some of the metrics used to measure the performance variables of Performance management subcategories.
    • Examples of measured activities could include:
      • What is the level of capacity utilisation?
      • Are there bottlenecks?
      • Has throughput been reduced to unacceptable levels?
      • Is response time increasing?
      • What is the error rate?
  • Performance management involves several steps:
    • Gathering performance data on the performance indicators of interest to the network administrator.
    • Analysing the data to determine the baseline level and what counts as an abnormal level.
    • Determine appropriate performance thresholds for each important variable such that exceeding these thresholds indicates a network problem worthy of attention.
  • Management entities continually monitor performance variables. When the performance threshold is exceeded, an alert is generated and sent to the network management system.
  • Network administrators need performance statistics to help them plan, manage and maintain large networks.
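The steps above (gather samples, establish a baseline, set thresholds, alert when they are crossed) can be shown end to end on one performance variable, line utilisation. The block below is an added example for this page, not code from any monitoring tool: it converts successive polls of an interface byte counter into utilisation, derives a threshold from a constructed baseline, and raises WARN/ALARM events. The poll readings, the baseline history and the 100 Mb/s interface speed are all made up. It also handles the edge case that trips up naive implementations: the SNMP Counter32 wrapping back to zero between two polls.

```python
"""Performance management: polled ifInOctets readings -> link utilisation -> baseline
threshold -> warnings/alarms.

Constructed example for this page (not from any NMS). The poll readings, the baseline
history and the interface speed are made up."""
import statistics

def counter_delta(prev, curr, width_bits=32):
    """Difference between two successive counter readings, allowing for one wrap.
    A naive curr - prev goes negative after a wrap and would corrupt every statistic
    derived from it. Poll often enough that at most one wrap can occur per interval;
    on fast links use the 64-bit ifHCInOctets counters instead."""
    if curr >= prev:
        return curr - prev
    return (1 << width_bits) - prev + curr

def utilisation_percent(prev_octets, curr_octets, interval_s, if_speed_bps, width_bits=32):
    """Inbound utilisation over one poll interval, as a percentage of link speed."""
    bits = counter_delta(prev_octets, curr_octets, width_bits) * 8
    return round(100.0 * bits / (interval_s * if_speed_bps), 2)

def utilisation_series(samples, if_speed_bps):
    """samples: list of (poll_time_s, ifInOctets). One utilisation value per interval."""
    return [utilisation_percent(o0, o1, t1 - t0, if_speed_bps)
            for (t0, o0), (t1, o1) in zip(samples, samples[1:])]

def threshold_from_baseline(history, k=3.0):
    """Alarm threshold = baseline mean + k standard deviations of historic utilisation."""
    return statistics.mean(history) + k * statistics.pstdev(history)

def evaluate(values, threshold, warn_fraction=0.9):
    """ALARM at/above the threshold, WARN at/above a fraction of it (Table 3: alert when
    the threshold, or a percentage of it, is reached)."""
    events = []
    for i, v in enumerate(values):
        if v >= threshold:
            events.append((i, v, "ALARM"))
        elif v >= warn_fraction * threshold:
            events.append((i, v, "WARN"))
    return events

# Constructed 5-minute polls of ifInOctets on a 100 Mb/s interface. The Counter32 wraps
# past 2**32 between the first and second poll, and again between the fourth and fifth.
IF_SPEED_BPS = 100_000_000
POLLS = [(0, 4_294_000_000), (300, 1_124_032_704), (600, 1_874_032_704),
         (900, 3_111_532_704), (1200, 1_816_565_408)]
# Constructed history of "normal" utilisation (percent) collected on earlier days.
BASELINE_HISTORY = [28, 31, 29, 33, 30, 32, 27, 30]

if __name__ == "__main__":
    series = utilisation_series(POLLS, IF_SPEED_BPS)
    limit = threshold_from_baseline(BASELINE_HISTORY)
    print("utilisation per interval (%):", series)
    print(f"threshold: {limit:.1f}%")
    for idx, value, level in evaluate(series, limit):
        print(f"interval {idx}: {value}% -> {level}")
```

Mean plus k standard deviations is one common way to turn a baseline into a threshold; the right k, the warning fraction and the polling interval are site decisions, which is why they are parameters rather than constants.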

Table 3: Performance management Sub-categories

Sub-categories and their metrics
Collecting Baseline Utilization data
  • Measuring link utilisation using a probe.
  • Counting packets received/transmitted by a specific device
  • Measuring device processor usage
  • Monitoring device queue lengths
  • Monitoring device memory utilisation
  • Measuring total response times.
Collecting a History of Utilization Data
  • Measuring utilisation and response times at different times of the day
  • Measuring utilisation and response times on different days over an extended period.
Capacity Planning
  • Manually graphing or using a network management tool to graph utilisation as a function of time to detect trends
  • Preparing trend reports to document the projected need for and the cost of network expansion.
Setting Notification Thresholds
  • Having a network management tool poll devices for values of critical parameters and graphing these values as a function of time
  • Setting polling intervals.
  • Setting alarms/alerts on those parameters when the threshold is reached or a percentage of it is reached
  • Initiating an action when the threshold is reached, such as sending a message to the network manager
Building Databases
  • Having the network management tool create a database of records containing device name, parameter, threshold, and time for off-line analysis.
  • Using the database to extract time dependence of utilization.
  • Using the time dependence of parameters to decide when network upgrades will be necessary to maintain performance [21]
Running Network Simulations
  • Using a simulation tool to develop a model of the network.
  • Using the model’s parameters and utilization data to optimize network performance
Latency
  • Query/Response time interval

Security Management

  • The goal of security management is to control access to network resources according to local guidelines so that the network cannot be sabotaged (intentionally or unintentionally) and sensitive information cannot be accessed by those without appropriate authorisation.
  • A security management subsystem, for example, can monitor users logging on to a network resource, refusing access to those who enter inappropriate access codes.
  • Security management subsystems work by partitioning network resources into authorised and unauthorised areas.
  • Security management is a very broad subject; therefore, we will only cover security management related to SNMP and basic device access security in this paper.
  • Security management subsystems perform several functions:
    • Identifying sensitive network resources (including systems, files, and other entities).
    • Determine mapping between sensitive network resources and user sets.
    • Monitor access points to sensitive network resources.
    • Log inappropriate access to sensitive network resources.
    • Control access to network/resources using authentication, authorisation, firewalls, intrusion detection systems, etc.

Table 4: Security Management Sub-categories

Sub-categories and their metrics
Applying Basic Techniques
  • Identifying hosts that store sensitive information.
  • Management of passwords.
  • Assigning user rights and permissions.
  • Recording failed logins.
  • Setting remote access barrier codes.
  • Employing virus scanning.
  • Limiting views of the Enterprise network.
  • Tracking time and origin of remote accesses to servers.
Identifying Access Methods Used
  • Electronic Mail.
  • File Transfer.
  • Web Browsing.
  • Directory Service.
  • Remote Login.
  • Remote Procedure Call.
  • Remote Execution
  • Network Monitors.
  • Network Management System.
Using Access Control Methods.
  • Encryption.
  • Packet filtering at routers.
  • Packet filtering at firewalls.
  • Source host authentication.
  • Source user authentication.
Maintenance
  • Audits of the activity at secure access points.
  • Executing security attack programs (Network Intrusion Detection).
  • Detecting and documenting breaches; reports generated daily for analysis.
Accessing Public Data Networks
  • No restrictions - hosts are responsible for securing all access points.
  • Limited access - only some hosts can interface with the Public Data Network using a proxy server.
Using an Automated Security Manager.
  • Queries the configuration database to identify all access points for each device.
  • Reads event logs and notes security-related events.
  • Security Manager shows a security event on the network map.
  • Reports of invalid access point attempts are generated daily for analysis.

Accounting Management

  • Accounting management is concerned with the process used to track and measure network utilisation parameters so that individual or group users on the network can be regulated appropriately for the purposes of accounting or chargeback.
  • Like performance management, the first step toward appropriate accounting management is to measure the utilisation of all important network resources. Analysis of the results provides insight into the current usage patterns.
  • Usage quotas can be set at this stage. Some corrections will be required to reach optimal access practices.
  • From that point on, ongoing measurement of resources use can yield billing information as well as information used to assess continued fair and optimal resource utilisation.

Generally, a simple protocol defines common data formats and parameters and allows for easy retrieval of information. A complex protocol adds some change capabilities and security. An advanced network management protocol remotely executes network management functions, and it is independent of the network protocol layer.

In this section, you will be introduced to the most widely used network management protocol called Simple Network Management Protocol (SNMP), the different protocol versions and Remote network monitoring (RMON).

Simple Network Management Protocol

‘SNMP goes beyond the simple protocol: it has adequate monitoring capabilities and some change capabilities. It is the most widely used data network management protocol. It is an application layer protocol that provides a message format for communication between management entities (managing servers) and agents executing on behalf of that managing server. As mentioned earlier, an agent is network management software running on a device to be managed. The agent’s job is to retrieve (or optionally write) the variables stored in the management database (also known as the Management Information Base (MIB)), the variables that make up the parameters of the device.

Most network components used in enterprise network systems have built-in network agents that can respond to an SNMP network management system. This enables new components to be automatically monitored.’ [22]

The most common usage of SNMP is in a request-response mode in which an SNMP managing server sends a request to an SNMP agent, who receives the request, performs some action, and sends a reply to the request. Typically, a request will be used to query (retrieve) or modify (set) MIB object values associated with a managed device. A second common usage of SNMP is for an agent to send an unsolicited message, known as a trap message, to a managing server. Trap messages are used to notify a managing server of an exceptional situation (e.g., a link interface going up or down) that has resulted in changes to MIB object values.

Cisco Prime is a classic example of an SNMP manager. A Cisco router might run the SNMP agent, and a MIB variable might be the load on the router’s interface.


Figure 2: SNMP Network Architecture

The early objective of the standards bodies was a single protocol that could manage both OSI and TCP/IP networks. Against that goal, SNMP (SNMPv1) was first recommended as an interim set of specifications to serve as the basis of common network management throughout the system.

SNMP Versions

  • It is worth mentioning at this point that there are several versions of SNMP: SNMPv1, SNMPv2 (in practice the community-based variant SNMPv2c) and SNMPv3.
  • SNMPv1 is a legacy version and is not often encountered in networks today. It has various issues: it relies on constant polling, provides no manager-to-manager communication and offers no security features.
  • SNMPv2 brought several enhancements over the first version. Many of these were improvements to the messaging (for example the GetBulkRequest PDU) that make retrieving large amounts of statistics from devices more efficient. Unfortunately, little was done about security.
  • Both SNMPv1 and SNMPv2c rely on SNMP community strings to authenticate access to MIB objects.
  • These community strings are just clear-text passwords. Clear text is no longer considered a security mechanism: anyone who can capture the packets, whether by sniffing the segment or from a man-in-the-middle position, learns the community string and can reuse it.
  • There are two types of community strings in SNMPv1 and SNMPv2c:
    • Read-only (RO): provides access to the MIB variables but allows them only to be read, not changed. Because security is so weak in version 2c, many organisations use SNMP only in this read-only mode.
    • Read-write (RW): provides read and write access to all objects in the MIB.
  • SNMPv3 builds security into the protocol itself through the User-based Security Model (USM): each SNMP user is configured with a security level of noAuthNoPriv, authNoPriv or authPriv.
  • The security features provided in SNMPv3 are as follows:
    • Message integrity: This helps ensure that a packet has not been tampered with in transit.
    • Authentication: This helps ensure that the packet came from a known and trusted source.
    • Encryption: This helps to ensure that information cannot be read if the data is captured in transit.
  • Only the authPriv level delivers all three: authNoPriv leaves the payload readable in transit, and noAuthNoPriv offers no more protection than a community string.

Figure 2 shows the architecture of a typical SNMP deployment for TCP/IP network management, with its key elements. The architecture includes:

  • A management entity that hosts the network management application.
  • An agent that provides the information contained in the MIB to the management entity and accepts control information from it.
  • A MIB, which defines the information that can be collected and controlled by the management application.
  • The TCP/IP network stack with the network management protocol (SNMP), which links the management station and the management agents. The manager process achieves network management using SNMP, which is implemented over the User Datagram Protocol (UDP).
  • Given the request-response nature of SNMP, it is worth noting that although SNMP protocol data units (PDUs) can be carried over many different transport protocols, the SNMP PDU is typically carried in the payload of a UDP datagram.
  • SNMP agents must therefore also implement the SNMP and UDP protocols.
  • SNMP is a connectionless protocol, which means that each exchange between a management station and an agent is a separate transaction. This design minimises the complexity of the management agents.
  • ‘Since UDP is an unreliable transport protocol, there is no guarantee that a request, or its response, will be received at the intended destination. The request ID field of the PDU (see Figure 4 for the SNMP PDU format) is used by the managing server to number its requests to an agent; the agent’s response takes its request ID from that of the received request.
  • Thus, the request ID field can be used by the managing server to detect lost requests or replies.
  • It is up to the managing server to decide whether to retransmit a request if no corresponding response is received after a given amount of time. In particular, the SNMP standard does not mandate any procedure for retransmission, or even whether retransmission is to be done in the first place. It only requires that the managing server “needs to act responsibly in respect to the frequency and duration of retransmissions.”
  • Management entity requests are sent to UDP port 161, while the agent sends traps to UDP port 162.’ [23]
  • Figures 2 and 3 show that SNMPv1 supports five types of protocol data unit (PDU). The manager can issue three types of PDU on behalf of a management application: GetRequest, GetNextRequest and SetRequest. The first two are variations of the GET function. All three are acknowledged by the agent with a GetResponse message, which is passed up to the management application.
  • The other message the agent generates is the trap. A trap is an unsolicited message, generated when an event occurs that affects the normal operation of the MIB and the underlying managed resources.
  • The SNMP-managed device can thus independently notify the network management system when a problem occurs, using SNMP traps. Traps are SNMP messages sent from the network device that also report the state of a MIB variable; because the device decides to send the information without being asked, the NMS can react to traps differently from polled data.


Figure 3 Elements of SNMP Communication

Table 5 describes the various SNMPv2 PDU types, the corresponding sender and receiver of each PDU type and the description of each messaging function.

Table 5: SNMPv2 Protocol Data Unit Types

SNMPv2 PDU type | Sender-to-receiver                     | Description
GetRequest      | manager-to-agent                       | get value of one or more MIB object instances
GetNextRequest  | manager-to-agent                       | get value of next MIB object instance in list or table
GetBulkRequest  | manager-to-agent                       | get values in a large block of data, for example, values in a large table
InformRequest   | manager-to-manager                     | inform remote managing entity of MIB values remote to its access
SetRequest      | manager-to-agent                       | set value of one or more MIB object instances
Response        | agent-to-manager or manager-to-manager | generated in response to GetRequest, GetNextRequest, GetBulkRequest, SetRequest or InformRequest
SNMPv2-Trap     | agent-to-manager                       | inform manager of an exceptional event


Figure 4: SNMP Protocol Data Unit Format
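To make the PDU format, the request-ID pairing over UDP and the clear-text community string of SNMPv1/v2c concrete, here is an added example for this page, not code from any SNMP manager, agent or library. It hand-encodes an SNMPv2c GetRequest in BER (the ASN.1 encoding SNMP uses), has a toy agent answer it with a Response carrying the same request-ID, and decodes both messages the way an on-path observer would. The community string “public”, the request-ID, the agent’s two MIB values and the sysDescr text are constructed; the tags, the message layout and the noSuchObject exception value are those of the SNMPv2 standards.

```python
"""Hand-built SNMPv2c messages: BER encoding of a GetRequest, an agent-side Response
with the matching request-id, and a decoder that shows what a sniffer sees.

Constructed example for this page, not code from any SNMP implementation. The
community string, request-id and the toy agent MIB are made up."""

# ASN.1 universal tags used by SNMP
TAG_INTEGER, TAG_OCTET_STRING, TAG_NULL, TAG_OID, TAG_SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
# Context-specific PDU tags for the PDU types of Table 5 (the SNMPv1 Trap, 0xA4, is omitted)
PDU_TAGS = {"GetRequest": 0xA0, "GetNextRequest": 0xA1, "Response": 0xA2, "SetRequest": 0xA3,
            "GetBulkRequest": 0xA5, "InformRequest": 0xA6, "SNMPv2-Trap": 0xA7}
PDU_NAMES = {tag: name for name, tag in PDU_TAGS.items()}
NO_SUCH_OBJECT = 0x80   # SNMPv2 exception value noSuchObject ([0] IMPLICIT NULL)
VERSION_V2C = 1         # version field: 0 = SNMPv1, 1 = SNMPv2c, 3 = SNMPv3

def _length(n):
    """BER length: short form below 128, else 0x80|count followed by big-endian length."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag, body):
    return bytes([tag]) + _length(len(body)) + body

def _int(v):
    """INTEGER in the minimal two's-complement form BER requires."""
    n = 1
    while True:
        try:
            return _tlv(TAG_INTEGER, v.to_bytes(n, "big", signed=True))
        except OverflowError:
            n += 1

def _oid(dotted):
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return _tlv(TAG_OID, bytes(out))

def _value(v):
    if v is None:
        return _tlv(TAG_NULL, b"")          # Get* requests carry NULL placeholders
    if v == "noSuchObject":
        return _tlv(NO_SUCH_OBJECT, b"")
    if isinstance(v, int):
        return _int(v)
    return _tlv(TAG_OCTET_STRING, v)       # bytes -> OCTET STRING

def encode(pdu_type, community, request_id, varbinds, version=VERSION_V2C,
           error_status=0, error_index=0):
    """Whole SNMP message: SEQUENCE { version, community, PDU { ids, errors, varbinds } }."""
    vbl = b"".join(_tlv(TAG_SEQUENCE, _oid(oid) + _value(val)) for oid, val in varbinds)
    pdu = _int(request_id) + _int(error_status) + _int(error_index) + _tlv(TAG_SEQUENCE, vbl)
    return _tlv(TAG_SEQUENCE, _int(version) + _tlv(TAG_OCTET_STRING, community.encode())
                + _tlv(PDU_TAGS[pdu_type], pdu))

def _read_tlv(buf, pos):
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        count = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    return tag, buf[pos:pos + ln], pos + ln

def _dec_oid(body):
    arcs, acc = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def _dec_value(tag, body):
    if tag == TAG_NULL:
        return None
    if tag == NO_SUCH_OBJECT:
        return "noSuchObject"
    if tag == TAG_INTEGER:
        return int.from_bytes(body, "big", signed=True)
    return body                              # OCTET STRING (and anything else) as raw bytes

def decode(msg):
    """Parse an SNMP message, e.g. one captured from UDP/161 or UDP/162."""
    _, body, _ = _read_tlv(msg, 0)
    _, ver, pos = _read_tlv(body, 0)
    _, community, pos = _read_tlv(body, pos)
    pdu_tag, pdu, _ = _read_tlv(body, pos)
    fields, pos = [], 0
    for _ in range(3):                       # request-id, error-status, error-index
        _, raw, pos = _read_tlv(pdu, pos)
        fields.append(int.from_bytes(raw, "big", signed=True))
    _, vbl, _ = _read_tlv(pdu, pos)
    varbinds, pos = [], 0
    while pos < len(vbl):
        _, vb, pos = _read_tlv(vbl, pos)
        _, oid, at = _read_tlv(vb, 0)
        vtag, val, _ = _read_tlv(vb, at)
        varbinds.append((_dec_oid(oid), _dec_value(vtag, val)))
    return {"version": int.from_bytes(ver, "big", signed=True), "community": community.decode(),
            "pdu_type": PDU_NAMES.get(pdu_tag, hex(pdu_tag)), "request_id": fields[0],
            "error_status": fields[1], "error_index": fields[2], "varbinds": varbinds}

def agent_respond(request, mib, community):
    """Toy agent: check the community string, answer each OID from its MIB; unknown
    OIDs get the SNMPv2 noSuchObject exception value rather than an error-status."""
    req = decode(request)
    if req["community"] != community or req["pdu_type"] != "GetRequest":
        return None                          # v1/v2c agents silently drop such requests
    answers = [(oid, mib.get(oid, "noSuchObject")) for oid, _ in req["varbinds"]]
    return encode("Response", community, req["request_id"], answers)

def matches(request, response):
    """Manager side: pair a reply with its request by request-id (UDP gives no help)."""
    req, resp = decode(request), decode(response)
    return resp["pdu_type"] == "Response" and resp["request_id"] == req["request_id"]

# Constructed agent MIB: sysDescr.0 and sysUpTime.0 from the MIB-2 system group.
AGENT_MIB = {"1.3.6.1.2.1.1.1.0": b"Constructed router, IOS-like 15.x",
             "1.3.6.1.2.1.1.3.0": 123456}

if __name__ == "__main__":
    req = encode("GetRequest", "public", 0x1234, [("1.3.6.1.2.1.1.1.0", None)])
    print("request on the wire:", req.hex())
    print("community visible to a sniffer:", b"public" in req)
    resp = agent_respond(req, AGENT_MIB, "public")
    print("reply matched:", matches(req, resp), decode(resp)["varbinds"])
```

Two things are worth seeing in the bytes: the community string is an ordinary OCTET STRING in every datagram, which is the whole of the v1/v2c “security” discussed in the SNMP Versions section; and the request-ID is the only thing tying a Response to its request, so a manager must track outstanding IDs itself because UDP will not.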

Remote network monitoring (RMON)

Remote Monitoring (RMON) is a standard monitoring specification that enables various network monitors and console systems to exchange network-monitoring data. RMON gives network administrators more freedom in selecting network-monitoring probes and consoles with features that meet their networking needs.

  • An RMON implementation typically operates in a client/server model: the probe (server) collects the data and the management console (client) retrieves it.
  • RMON is the most important addition to the basic set of SNMP standards. It defines a remote network monitoring MIB that supplements MIB-2 and provides the network manager with vital information about the internetwork.
  • Remote network monitoring devices, often called monitors or probes, are instruments that exist for the purpose of managing a network.
  • RMON can produce summary information about the managed objects, including error statistics, performance statistics and traffic statistics.
  • Based on this statistical information, the status of the managed objects can be observed and analysed.

RMON Versions:

  • The original version is RMON1 which focused on OSI layer 1 and layer 2 information in Ethernet and Token Ring networks. It has been extended by RMON2 which supports Network- and Application-layer monitoring. The most visible and beneficial capability in RMON2 is monitoring above the MAC layer, which supports protocol distribution and provides a view of the whole network rather than a single local area network (LAN) segment. RMON2 also enables host traffic for applications to be recorded. It is an industry-standard specification that provides much of the functionality offered by proprietary network analyzers. RMON agents are built into many high-end switches and routers.

SysLog and NetFlow

A proper implementation of the Simple Network Management Protocol (SNMP), system message logging (syslog) and NetFlow can ease a network administrator’s workload and overall stress levels (and even help save his or her job). Protocols and best practices in these areas help the admin be proactive rather than reactive.

‘SysLog (System Message Logging)

  • Syslog is a logging standard for error messages, warning messages, and other system messages sent to the Network Management System from the network devices such as switches, routers, and firewalls. Syslog permits various Cisco devices to send system messages across the network to Syslog servers.
  • Internally, Cisco network devices send system messages and debug output to a local logging process inside the device. A network administrator can then dictate (using configuration) what this logging process does with these messages.
  • For example, an administrator might want them sent across the network to a Syslog server. Or the administrator might want them sent to an internal buffer so that they can be viewed at a convenient time, right through the device CLI.
  • The administrator can even specify that only certain types of system messages are sent to various destinations. For example, the administrator may not want debug-level messages sent to the external Syslog server because of plans to observe those messages at the CLI.
  • Popular destinations for Syslog messages include the following:
    • The logging buffer (RAM inside the router or switch)
    • The console lines
    • The terminal lines
    • A Syslog server
  • Logging to the device’s internal buffer is the most efficient method of handling system messages, but the most popular is to log messages to Syslog server software.
  • Syslog servers log the messages and usually provide an easy means to display, delete, filter, search and sort the messages for easier troubleshooting.’24
  • Benefits of Syslog:
    • Is event-driven
    • Can enable automated analysis of events from disparate sources
    • Can be used for incident response and compliance verification

NetFlow (Network Flow)

  • ‘Networking professionals are usually in need of a simple and efficient approach for tracking TCP/IP flows in the network. This is because the information acquired through this could be used to easily identify potential network bottlenecks, guide network improvements and redesigns, and could even assist in billing consumers of the network. Because of these needs, Cisco invented NetFlow. This powerful network protocol quickly became a standard, and it is now supported by other networking giants.
  • While network protocols such as SNMP attempt to provide a very wide range of network management features and options, NetFlow is designed to provide statistics on IP packets efficiently flowing through network devices.
  • While the potential uses of the statistics that NetFlow provides are quite vast, most organizations use NetFlow for some or all of the following key purposes:
    • General network traffic accounting for baseline analysis
    • Usage-based network billing for consumers of network services
    • Network design, including redesigns to include new network devices and applications to meet the needs of growing infrastructures
    • General network security design
    • Denial of service (DoS) and distributed DoS (DDoS) detection and prevention data
    • Ongoing network monitoring’
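The Syslog behaviour described above (each destination receives only the severities configured for it, with debug-level output kept in the buffer and off the external server) and the "automated analysis" benefit can be modelled in a few lines. The following is an added example, not code from the course page, from Cisco or from any Syslog server product. It assumes the Cisco-style message prefix %FACILITY-SEVERITY-MNEMONIC (without the optional timestamp or sequence-number prefix), the standard eight syslog severities (0 = emergencies through 7 = debugging), and a hypothetical per-destination logging configuration; the messages themselves are constructed.

```python
"""Per-destination Syslog severity filtering and a small automated analysis.

Added example: not code from the course page, Cisco or any Syslog server.
It assumes the Cisco-style message prefix %FACILITY-SEVERITY-MNEMONIC
(the optional timestamp/sequence prefix is omitted) and the standard
eight syslog severities, 0 = emergencies through 7 = debugging.
"""
import re
from collections import defaultdict

SEVERITY_NAMES = {
    0: "emergencies", 1: "alerts", 2: "critical", 3: "errors",
    4: "warnings", 5: "notifications", 6: "informational", 7: "debugging",
}

# %FACILITY-SEVERITY-MNEMONIC: free text
MESSAGE_RE = re.compile(
    r"^%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)$"
)

# Hypothetical logging configuration. Each destination accepts messages whose
# severity number is <= its threshold (a lower number is more severe). As in the
# page's example, debugging output stays in the buffer and on the console but
# is not forwarded to the external Syslog server.
DESTINATION_THRESHOLDS = {
    "buffer": 7,         # logging buffered debugging
    "console": 7,        # logging console debugging
    "syslog_server": 6,  # logging trap informational
}

# Constructed messages, not captured from any real device.
SAMPLE_MESSAGES = [
    "%SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)",
    "%LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.5] [localport: 22]",
    "%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 203.0.113.5] [localport: 22]",
    "%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 198.51.100.7] [localport: 22]",
    "%IP-7-DEBUG: ICMP: echo reply sent, src 192.0.2.1, dst 192.0.2.10",
    "not a system message",
]


def parse_message(line):
    """Split one message into facility, severity (int), mnemonic and text; None if malformed."""
    m = MESSAGE_RE.match(line.strip())
    if m is None:
        return None
    msg = m.groupdict()
    msg["severity"] = int(msg["severity"])
    return msg


def route_messages(lines, thresholds=DESTINATION_THRESHOLDS):
    """Deliver each parsable message to every destination whose threshold admits it."""
    routed = {dest: [] for dest in thresholds}
    dropped = []
    for line in lines:
        msg = parse_message(line)
        if msg is None:
            dropped.append(line)
            continue
        for dest, max_severity in thresholds.items():
            if msg["severity"] <= max_severity:
                routed[dest].append(msg)
    return routed, dropped


def summarize(routed):
    """Per destination, count delivered messages by severity name."""
    summary = {}
    for dest, msgs in routed.items():
        counts = defaultdict(int)
        for msg in msgs:
            counts[SEVERITY_NAMES[msg["severity"]]] += 1
        summary[dest] = dict(counts)
    return summary


SOURCE_RE = re.compile(r"\[Source:\s*([0-9.]+)\]")


def failed_logins_by_source(msgs):
    """Server-side automated analysis: failed logins per source address."""
    counts = defaultdict(int)
    for msg in msgs:
        if msg["mnemonic"] != "LOGIN_FAILED":
            continue
        m = SOURCE_RE.search(msg["text"])
        if m:
            counts[m.group(1)] += 1
    return dict(counts)


if __name__ == "__main__":
    routed, dropped = route_messages(SAMPLE_MESSAGES)
    for dest, counts in summarize(routed).items():
        print(f"{dest:14s} {counts}")
    print("unparsed:", dropped)
    print("failed logins by source:", failed_logins_by_source(routed["syslog_server"]))
```

Running the block shows the single debugging message reaching the buffer and console but not the server, the unparsable line being set aside rather than silently lost, and the three LOGIN_FAILED events collapsing into a per-source count that an incident responder would actually act on.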

[Figure: a diagram showing NetFlow-analysed traffic flow]

Figure 5: NetFlow in a typical network

The key to NetFlow is that it breaks down TCP/IP communications for statistical record keeping using the concept of a flow. What is a flow, according to NetFlow?

A flow is a unidirectional stream of packets between a specific source system and a specific destination system.

For NetFlow, built around TCP/IP, the source and destination are defined by their network layer IP addresses and their transport layer source and destination port numbers.

NetFlow distinguishes flows using a combination of seven key fields. If any one of these fields differs in value from that of another packet, the two packets can safely be determined to belong to different flows:

  • Source IP address
  • Destination IP address
  • Source port number
  • Destination port number
  • Layer 3 protocol type
  • Type of Service (ToS) marking
  • Input logical interface

The first four fields NetFlow uses to identify a flow should be familiar. The source and destination IP addresses, plus the source and destination ports, identify the connection between the source and destination application.

The Layer 3 protocol type identifies the protocol header that follows the IP header. Also, the ToS byte in the IPv4 header holds information about how devices should apply quality of service (QoS) rules to the packets in that flow.
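The seven-field definition above is easiest to see in code. The following is an added example, not code from the course page or from Cisco's NetFlow implementation: it classifies a handful of constructed packets into unidirectional flows keyed on exactly the seven fields listed, then derives two of the statistics the page says NetFlow is used for (per-source byte accounting, and the number of distinct sources per destination service as one input to DoS/DDoS detection). The packet record's `length` and `time` attributes, the function names, and the sample addresses are this example's own choices.

```python
"""Classifying packets into NetFlow-style flows with the seven key fields.

Added example: not code from the course page or from Cisco's NetFlow
implementation. The packet records are constructed, and the 'length' and
'time' attributes plus the function names are this example's own choices.
"""
from collections import defaultdict, namedtuple

# The seven key fields: a packet differing in any one of them starts a new flow.
FlowKey = namedtuple("FlowKey", [
    "src_ip", "dst_ip", "src_port", "dst_port", "protocol", "tos", "in_ifindex",
])

# A packet is the key fields plus what the flow record accumulates.
Packet = namedtuple("Packet", FlowKey._fields + ("length", "time"))


def flow_key(pkt):
    """Project a packet onto its seven key fields (its first seven attributes)."""
    return FlowKey(*pkt[:7])


def build_flow_cache(packets):
    """Aggregate packets into unidirectional flows keyed by the 7-tuple."""
    cache = {}
    for pkt in packets:
        key = flow_key(pkt)
        rec = cache.get(key)
        if rec is None:
            cache[key] = {"packets": 1, "bytes": pkt.length,
                          "first": pkt.time, "last": pkt.time}
        else:
            rec["packets"] += 1
            rec["bytes"] += pkt.length
            rec["last"] = pkt.time
    return cache


def bytes_per_source(cache):
    """Traffic accounting: total bytes sent by each source address."""
    totals = defaultdict(int)
    for key, rec in cache.items():
        totals[key.src_ip] += rec["bytes"]
    return dict(totals)


def distinct_sources_per_service(cache):
    """Distinct source IPs per (dst_ip, dst_port). A sudden rise in this count
    toward one service is one of the signals reviewed in DoS/DDoS detection,
    which the page lists among NetFlow's uses."""
    sources = defaultdict(set)
    for key in cache:
        sources[(key.dst_ip, key.dst_port)].add(key.src_ip)
    return {svc: len(s) for svc, s in sources.items()}


# Constructed packets (protocol 6 = TCP, 17 = UDP; ToS 0xB8 is the EF marking).
PACKETS = [
    # Client to web server, two packets of the same flow
    Packet("192.0.2.10", "198.51.100.20", 50001, 443, 6, 0x00, 1, 600, 1.0),
    Packet("192.0.2.10", "198.51.100.20", 50001, 443, 6, 0x00, 1, 1400, 1.1),
    # The server's reply is a separate flow: flows are unidirectional
    Packet("198.51.100.20", "192.0.2.10", 443, 50001, 6, 0x00, 2, 1500, 1.2),
    # Same addresses and ports as the first flow but a different ToS marking
    Packet("192.0.2.10", "198.51.100.20", 50001, 443, 6, 0xB8, 1, 200, 1.3),
    # DNS queries from three hosts to one resolver: three flows, one service
    Packet("192.0.2.11", "198.51.100.53", 40000, 53, 17, 0x00, 1, 80, 2.0),
    Packet("192.0.2.12", "198.51.100.53", 40001, 53, 17, 0x00, 1, 80, 2.1),
    Packet("192.0.2.13", "198.51.100.53", 40002, 53, 17, 0x00, 1, 80, 2.2),
]


if __name__ == "__main__":
    cache = build_flow_cache(PACKETS)
    print(f"{len(PACKETS)} packets -> {len(cache)} flows")
    for key, rec in cache.items():
        print(f"  {key.src_ip}:{key.src_port} -> {key.dst_ip}:{key.dst_port} "
              f"proto={key.protocol} tos=0x{key.tos:02x} if={key.in_ifindex} "
              f"pkts={rec['packets']} bytes={rec['bytes']}")
    print("bytes per source:", bytes_per_source(cache))
    print("distinct sources per service:", distinct_sources_per_service(cache))
```

Seven packets become six flows: the first two packets share all seven fields and merge, while the server's reply (source and destination swapped, different input interface) and the packet that differs only in its ToS marking each form a flow of their own, which is exactly the behaviour the seven-field rule predicts.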

Activities - Network Management Consideration

  1. Because SNMP uses two different port numbers (UDP ports 161 and 162), a single system can easily run both a manager and an agent. What would happen if the same port number were used for both?
  2. We have seen that SNMP uses UDP as its transport protocol. Why was UDP chosen over TCP?
  3. What is the disadvantage of having the network management system operate at the application layer?
  4. Many network administrators use the ping program as a primary management tool.
    1. Why would you ping a network device?
    2. Why would you ping yourself?

Share your answers in the forum. Discuss and comment with your peers.
