geantcampus » start page » netw_monitoring_oct_2009

Network monitoring workshop for GN3/NA3/T4

Dates October 20 - 21 2009
Venue AMRES/RCUB, Kumanovska bb
Faculty of electrical engineering
University of Belgrade, Bulevar Kralja Aleksandra 73 See this link
Hotels See this link

Workshop Objective

The network monitoring workshop is organized within the GEANT3/NA3/T4 task “Campus Best Practice”. Four countries are contributring to the task; Norway, Serbia, The Czeck Republic and Finland. The task group has refined its work into 9 subtasks (not all countries commiting to all subtasks). The subtasks are: Procurement, Basic infrastructure, A/V, Light path service, LAN infrastrucure and IPv6, Wireless, Network monitoring, SIP and IP telephony and Security.

All countries are committed to the subtask of network monitoring. There seems to be a related history of developing and providing tools on the national level, for managing the NREN itself, but also for monitoring the campus networks.

The objective of this workshop is to bring (some of) the network monitoring experts of the participating NRENs together to share their experiences, show features and future plans for home-made (and other) tools, discuss common denominators and thus lay grounds for future collaboration and planned Best Practice Documents in the area.

Since the event has a particular campus focus and since AMRES is hosting the event, the task group is pleased that participants from Serbian universities also will attend, in addition to the neigboring countries of FYR Macedonia (MARNet) and Montenegro (MREN).


# Name Organization Comment
1 Vidar Faltinsen UNINETT Task leader of NA3/T4
2 Morten Brekkevold UNINETT Developer of NAV
3 Arne Øslebø UNINETT Developer of Qflow and Stager
4 Jiri Navratil CESNET
5 Tomas Podermanski CESNET/Brno University
6 Jan Vykopal Masaryk University Brno
7 Ales Friedl CESNET
8 Janne Oksanen FUNET
9 Jani Myyry FUNET
10 Ljiljana Adzic MREN
11 Vladimir Gazivoda MREN
12 Goran Muratovski MARNet/UKIM
13 Vangel Ajanovski MARNet/PMF
14 Slavko Gajin AMRES Developer of ICmyNet
15 Mara Bukvic AMRES
16 Dusan Pajin AMRES Developer of ICmyNet
17 Ivan Ivanovic AMRES Testing and Implementation
18 Esad Saitovic AMRES
19 Bojan Jakovljevic AMRES
20 Ivan Nejgebauer ARMUNS/CITUNS/University of Novi Sad
21 Aleksandar Sudarevic ARMUNS/CITUNS/University of Novi Sad
22 Ratko Bucic JUNIS/University of Nis
23 Srdjan Stevanovic JUNIS/University of Nis
24 Zoran Mihailovic (1st day)/Milos Djonovic(2nd day) UNIC/University of Kragujevac
25 Marko Zivanovic Faculty of electrical engineering/UoB
26 Velimir Kalik Institute of nuclear science Vinca
27 Dusan Vuckovic Faculty of electronic engineering/UoN
28 Stevan Rosic Faculty of mechanical engineering/UoK
29 Marko Vujkovic Faculty of chemistry/UoB
30 Sasa M. Milasinovic Teacher's faculty/UoB
31 Nemanja Martinovic Institute of Physics


Also see abstracts below the agenda.

Tuesday October 20, 2009

Session Title Person Duration
S1 0900-1030 Chair: Mara Bukvic
S1.1 Welcome to Belgrade, AMRES and RCUB Slavko Gajin, AMRES 20 min
S1.2 The GN3 Campus Best Practice task and the GigaCampus project Vidar Faltinsen, UNINETT 10 min
S1.3 Overview of network monitoring activity in Norway Vidar Faltinsen, UNINETT 30 min
S1.4 Overview of network monitoring development at AMRES Slavko Gajin, AMRES 30 min
S2 1100-1230 Chair: Jiri Navratil
S2.1 University Campus Network Monitoring in Everyday Life Tomas Podermanski, Brno University of Technology 30 min
S2.2 Network monitoring in Funet Jani Myyry, FUNET 30 min
S2.3 Report from FYR Macedonia and Montenegro Ljiljana Adzic/Goran Muratovski 30 min
S3 1400-1530 Chair: Vidar Faltinsen
S3.1 ICMyNet.IS Slavko Gajin, AMRES 45 min
S3.2 The Campus NMS tool NAV Morten Brekkevold, UNINETT 45 min
S4 1600-1730 Chair: Slavko Gajin
S4.1 Draft on network management architecture Ivan Ivanovic/Esad Saitovic, AMRES 30 min
S4.2 Network management requirements/recommendations Vidar Faltinsen, UNINETT 30 min
S4.3 Round the table discussions: tools people use or would like to have All 30 min

Wednesday October 21, 2009

Session Title Person Duration
S5 0900-1030 Chair: Mara Bukvic
S5.1 ICMyNet.Flow Dusan Pajin, AMRES 1h
S5.2 Flows at Masaryk University Brno Jan Vykopal, Masaryk University 30 min
S6 1100-1230 Chair: Vidar Faltinsen
S6.1 Presenting and aggregating network statistics with Stager Arne Øslebø, UNINETT 30 min
S6.2 Passive monitoring service Ales Friedl, CESNET 30 min
S6.3 Experiences Deploying and Operating a Large-Scale Monitoring Infrastructure Arne Øslebø, UNINETT 30 min
S7 1400-1530 Chair: Vidar Faltinsen
S7.1 Advanced traceroute Ales Friedl, CESNET 30 min
S7.2 A perfSONAR implementation using NetConf Arne Øslebø, UNINETT 20 min
S7.3 Discussions on passive monitoring and end to end measurements All 30 min
S7.4 ICmyNet.MIB tool - SNMP/MIB browser Ivan Ivanovic 10 min
S8 1600-1730 Chair: Mara Bukvic
S8.1 Report from FYR Macedonia Vangel Ajanovski 10 min
S8.2 Campus network situation in Belgrade Mara Bukvic, AMRES 30 min
S8.3 Visit AMRES/RCUB equipment room 50 min


S1.2 The GN3 Campus Best Practice task and the GigaCampus project

About GN3 Campus Best Practice: A task within GEANT3 focuses on campus issues; i.e. NA3/T4 Campus Best Practices. The overall objective of the task is to address key challenges for the European campus networks and provide an evolving and to-the-point set of best-practice documents for the community. Four pilot NRENs participate in the task; Norway, Finland, Czeck and Serbia. Each country will set up a national campus coordinated activity. The Norwegian GigaCampus experience serves as a useful reference in the work.

More information at

About GigaCampus: The GigaCampus project is a four year initiative (2006 - 2009) put forward by UNINETT and supported by the Norwegian government. The overall objective is to address key networking challenges on the campus networks of Norwegian universities and university colleges. The program defines a number of goals divided into seven focus areas; physical infrastructure, networking, mobility, person-to-person communication (SIP), security, management and operations, and end-to-end quality.

GigaCampus introduces UNINETT Task Force; working groups consisting of IT professionals from universities and university colleges. The working groups define best practices which are used as guidelines on our collaborate path towards an improved end-to-end network infrastructure.

GigaCampus activity will continue after 2009. A plan for a new project is currently being made.

More information at

S1.3 Overview of network monitoring activity in Norway

UNINETT has a long tradition of developing our own network monitoring and management software. All of the tools we use for managing the NREN infrastruture are either in-house or open source. A list of all the tools can be seen here. The most vital tool is the in-house tool Zino that is basically a router interface link monitor and status monitor. It also collects traffic statistics and includes a traffic map. We have also made a weather map implementation. Another important tool for our NOC is the open source Hobbit monitor used for service monitoring.

A recent in-house development is the interactive network simulation and visualisation tool, PyMetrix. PyMetrix allows the simulation of metric changes, router failures and link outages, and provides various information relating to the changes in topology and routing. It can also consider link loads and how changes affect the load distribution.

In addition there are a set of tools that are provided to the universities and collages to manage their campus networks. The GigaCampus project has provided servers, so called GigaCampus tool boxes, to the universities with a tailor-made set of campus network tools. Read more about the GigaCampus tool boxes here.

The most vital tool on this platform is NAV, further detailed in talk S4.1

S1.4 Overview of network monitoring development at AMRES

Development of AMRES network has been followed by the development of in-house monitoring solutions and support for network operations. In close cooperation with AMRES NOC we have recognized that network problems are shared by many network administrators, not only in NRENs but in any professional network in general. Therefore, our software development has been governed by the idea to cover a wide set of most frequent problems using general solutions.

The presentation describes why and how we started this work and what were the main developing directions and challenges. Over the years, our motivation to include new features was specially pointed out in reflection to newly deployed network technologies and services. The presentation will be concluded with an overview of current activities and plans for further improvement and new features.

S2.1 University Campus Network Monitoring in Everyday Life (Brno)

This presentation will describe experience with the monitoring of the university campus network. Used hardware and software facilities will be described in the presentation. The weak points and problems regarded with the campus monitoring systems will be discussed.

S2.2 Network monitoring in Funet (CSC/FUNET)

The presentation will give an overview of the network monitoring situation in Funet. The most important tools in use and the background processes that support the monitoring will be described. Funet is currently phasing into a DWDM based network which extends the monitoring requirements as compared to a traditional IP network. The backbone network reliability is monitored from different aspects including routing protocols, IPv6 and multicast. Funet also monitors the quality of customer access connections, provides tools for problem resolving and online reports with historical trends of usability.

S3.1 ICmyNet.IS

ICmyNet.IS is an advanced, efficient, web based network information and monitoring system. The system aims to discover, collect and provide all relevant networking information and help the network administrators in their everyday technical activities. It performs both active and passive monitoring, giving reliable and up-to-date status information regarding the network infrastructure, services and network devices.

This presentation will be dedicated to ICmyNet.IS system architecture, monitoring functionalities, other tools and use cases.

S3.2 The Campus NMS tool NAV

NAV or Network Administration Visualized is an advanced software suite to monitor large computer networks. It automatically discovers network topology, monitors network load and outages, and can send alerts on network events by e-mail and SMS, allowing for flexible configuration of alert profiles.

Devolopment startet at the Norwegian University of Science and Technology (NTNU) in 1999. It originated as a collection of scripts used internally by NTNU. In 2001 UNINETT became interested in the development, and has since been funding NAV development at NTNU on behalf of all universities and colleges in Norway. In 2006 the development of NAV was moved from NTNU to UNINETT. NAV is currently deployed on approximately 35 universities and colleges around Norway, in addition there are numerous active installation around the world.

This talk will focus on presenting the functionality of NAV, but also the architecture of the system, database design, SNMP collection system design, etc.

S4.1 Draft on network management architecture

There are two goals which should be accomplished to get good implementation of NMS which satisfies modern demands for secure network monitoring and control solutions. First goal is to define network architecture (physical and logical topology) for various environments, and to define location of NMS and it’s communication to each monitored device (L2/L3 network devices, servers, UPS, etc…). Second goal is to make a decision of which management protocols are recommended for use in such environments, and possibility of their implementation and use on different types of devices. Defining set of variables that will be used for network monitoring is also very important. That way we can get insight in the network condition and quickly solve any problem.

S4.2 Network management requirements/recommendations

This talk summarizes the experiences over the years from the Norwegian campus NMS tools and puts forward our recommendations on design of a campus NMS setup. I.e. we recommend using a set of tools rather than one monolithic tool. There should however be one system that copes with all events and alarms. Redundancy should be considered, preferably without introducing to much complexity. Further we will touch upon security issues regarding SNMP and recommended network design implications. Essential SNMP requirements for the network equipment is also covered in the talk.

S5.1 ICmyNet.Flow

ICmyNet.Flow is a Web based system which collects and stores data exported from network devices, using NetFlow protocol. This proprietary but open Cisco protocol gives valuable information about all individual traffic connections, such as source and destination host addresses and port numbers, traffic volume in bytes, packets, and flows, QoS information and other details. ICmyNet.Flow can manage advanced network traffic analysis without using specialized hardware.

This presentation will be dedicated to ICmyNet.Flow system architecture consisting of different parts:

  • ICmyNet.Flow/Collector - Collects NetFlow data from different sources
  • ICmyNet.Flow/Aggregator - Analyses raw NetFlow data according to user configuration
  • ICmyNet.Flow/Web - User interface

Available analysis, raw data searching, typical use cases will be also presented.

S5.2 Flows at Masaryk University Brno

This presentation is focused on utilization of continuous IP flow monitoring by computer security incident response team (CSIRT). We summarize our experience with development and operation at Masaryk university including hardware and software infrastructure. Our research projects in this field will be also introduced.

S6.1 Presenting and aggregating network statistics with Stager

Stager is a system for aggregating and presenting network statistics. Stager is generic and can be customized to present and process any kind of network statistics. The backend collects data and stores reports in a database, automatically handling the aggregation of hourly statistics into days, weeks, and months. The Web frontend presents data in tables, matrices, or plots. The reports are fully customizable, and their definitions are stored in an XML file.


S6.2 Passive monitoring service

Passive monitoring can provide useful network characteristics inherent to real network traffic. Examples include load dynamics in short timescales, protocols and application being used in the network, traffic anomalies, which can be signs of network attacks or network performance experienced by users. A pilot phase of passive monitoring deployment took place in the GN2 project. We present our proposal of extending the passive monitoring service in the GN3 project.

S6.3 Experiences Deploying and Operating a Large-Scale Monitoring Infrastructure

For the last few years UNINETT has deployed a large number of active and passive measurement probes. The probes are offered as a service to our customers and are usually installed on the main access links of the customers. With the probes we can do deep packet analysis for application recognition and quality of service measurements. Active measurements are used for monitoring the routing stability in the network and the quality of multicast traffic. In this presentation we will give an overview of our experiences in deploying and running this large scale active and passive monitoring infrastructure. We will show some of the problems involved in getting everything installed and also demonstrate some of the applications that are running on the monitoring probes.

S7.1 Advanced traceroute

Many performance problems in the current Internet are caused by misconfiguration, faulty components or exceeding capacity in some point in a network path. We describe an “advanced traceroute” that traverses an end-to-end path similarly as a standard traceroute, but it also provides performance information about links and nodes in both directions of a network path collected from SNMP measurement points of the perfSONAR monitoring framework.

S7.2 A perfSONAR implementation using NetConf

UNINETT has identified several problems with the current perfSONAR implementations and has proposed a solution where the NMWG protocol in perfSONAR is replaced with the IETF protocol Netconf. This presentation will give a short overview of the problems with NMWG and some details about our solution using Netconf.

S7.3 Discussions on passive monitoring end to end measurements

Some issues to discuss:

  • What are the advantages with the various types of network cards
  • Is accurate time synchronizing with external GPS antennas really necessary?
  • What can be achieved/what is lost using ordinary network cards for passive monitoring?
  • Lightwight measing probes that can easily be moved around campus - good idea? How can it be implemented?

S7.4 ICmyNet.MIB tool - SNMP/MIB browser

ICmyNet.MIB is a simple tool used as a SNMP browser. Presentation will be dedicated to different functionalities: SNMP access and versions, MIB loading, databases

geantcampus/netw_monitoring_oct_2009.txt · Last modified: 2010/02/08 14:27 (external edit)

Viktig melding:

UNINETT OpenWiki er under utfasing. Wikier som er lite brukt er satt i kun-lese-modus. Ta kontakt med UNINETT for å åpne for skrivetilgang ved behov.

Group memberships: no groups