A friendly KOBAN system for managing a medium size LAN network.

Masahiro Ishigaki(ishigaki@econ.tohoku.ac.jp)
Graduate School of Economics and Management, Tohoku University
Kawauchi, Aoba-ku, Sendai
Japan

Shizuko Katayama(kata@econ.tohoku.ac.jp)
Graduate School of Economics and Management, Tohoku University
Kawauchi, Aoba-ku, Sendai
Japan

Kazuo Doi(kazuo@cysol.co.jp)
Cyber Solutions
6-6-3, Minami Yoshinari
Aoba-ku, Sendai
Japan

Glenn Mansfield(glenn@cysol.co.jp)
Cyber Solutions
6-6-3, Minami Yoshinari
Aoba-ku, Sendai
Japan







1. Introduction
2. The problem areas
3. The Issues and Concerns
4. The Approach
5. Conclusion
REFERENCES



[1. Introduction]

The growth of the Internet has been uneven. There are areas, not necessarily economically backward, where Internet proliferation has been remarkably slow. The contrast is perhaps most glaring in the academic arena. While in the engineering and science faculties of a university the Internet has permeated fast, in the Arts and Humanities faculties the growth has been remarkably slow. A similar phenomenon is observed in the case of primary and secondary schools. The main reason is that the required level of expertise of network users - planners, managers and administrators - just cannot be met, particularly in areas populated by network-illiterate folks. The authors had been tasked with facilitating the Internet deployment in a premier department of a prestigious university. In this work we describe the problems we faced, the strategies adopted, the tools developed, and the results we achieved after two years of toil. The major thrust of our work has been in two directions:
(a) development of tools to solve operational problems and
(b) putting in place, at the grassroots level, systems and procedures to ensure continuity and development.

Tohoku University is one of the prestigious national universities of Japan. The networking technology in the university has always been in a very advanced state. It got its 100Mbps optical fiber based campus backbone network way back in 1987 [1]. The engineering and science departments were fast in utilizing the campus network infrastructure to get connected to the Internet. But the Arts and Humanities departments seemed to have missed the Internet revolution. In late 1997 one of the authors was given the specific charge of managing the nearly non-existent network facilities of the economics department of Tohoku University. Since then the authors have been involved in planning, executing and operating the network of the economics department. Also, in order to analyse and understand the problem better, the authors carried out several sample surveys among teachers, staff and students of the department and have recorded network and computer related statistics in the department since 1997.

1.1 Computing and network facilities in the department.

Fig.1

Table 1. Number of computers in the department

Year | Laboratory | Training room | Library | Office | For teachers | Graduate students' room | Rental for students | Number of LAN users
1995 | 13393310125037
1996 | 13393311725043
1997 | 1539439525089
1998 | 163946110308759
1999 | 17404911340141032

Teachers have Internet access from their respective rooms. They can use personal notebook computers during lectures. Students can have network access at all times from the designated computer room. On average about 100-150 students access the network from the computer room daily. Students can also have network access using their personal computers during seminars and discussions in the networked seminar room. Graduate students can have Internet access from their personalised desktops in their respective laboratories. Table 2 shows the number of teachers, students and other staff, and the network users among them, in the Faculty of Economics and the Graduate School of Economics and Management. The number of computers in the department is shown in Table 1. The number of computers does not show any noticeable annual increase, but before 1997 the computers were used mainly for offline data and document processing.

Table 2. LAN Utilization at the Economics Department

Category          Total   LAN users       %
Teachers             54          53    98.1
Research staff       15          15   100.0
Students           1375         964    70.1
Total              1444        1032    71.5


As can be seen in Fig. 2, with 1,100 odd users the department was late to ride the Internet wave. It is worth noting that the economics department joined the Internet bandwagon in 1996, some nine years after the university got its state of the art optical fiber backbone.

Fig.2

[2. The problem areas ]

It is evident from Fig. 2 that the growth in Internet usage in our department has seen a delay of about three years when compared with the trend in the developed countries and the network-literate departments in the university itself. We investigated the delay and found that the Internet wave was held back from reaching the shores of the economics department due to the following reasons:

  1. infrastructural deficiencies:
    • delays in renewal of hardware in the department
    • delays in networking of servers and client machines
    • general user un-friendliness of the related applications and literature

  2. absolute lack of education and training in Internet and related applications
    • no education and training of students about how to use the Internet
    • no education and training of faculty and staff about how to use, manage and run the Internet
    This situation resulted in
    • dearth of effective Internet administrators, supervisors and managers
    • dearth of effective instructors and lack of courses and tutorials to develop Internet awareness

  3. lack of any organized network support assistance and consultancy system inside and outside the department. There are commercial network consultancy services but the lack of basic Internet awareness led to a wariness in negotiating with the consultants and availing of their services.

Since 1997, machines have been upgraded in steps. The department's LAN coverage has also been extended to connect (almost) all the data processing equipment in the department. The growth in networking is indicated by more requests related to hardware and software. There has also been a remarkable increase in the number of requests related to network troubles. Figure 3 shows the annual trend of the activities at the computer and network support center.

Fig.3

Table 3. Category-wise Support

Category (% of requests)    1997    1998    1999
Hardware                    35.5    24.7    30.0
Software                    54.7    50.0    41.6
Network                      9.9    25.3    28.4

In Table 3 the support requests are classified into three categories, viz. hardware, software and network. Network support requests have increased every year. Moreover, in hardware too, network related problems, e.g. ethernet connectivity problems, have figured prominently. Similarly, in the software category network application related problems, e.g. mailer problems, constitute a major share. As the network expanded, the need for a network management system to monitor the actual network usage, the operational status, faults, and security of the network grew larger. Also, to inculcate a greater network awareness among users and budding administrators, the need for a more widely usable network management system was felt.
A two pronged approach was taken:

  1. a human network organization to build network awareness and skills at the grassroots
  2. development of tools to suit "our" needs as "network-illiterate" administrators.


[3. The Issues and Concerns]

On the human resources front our major concern was to develop human networking at the grassroots while attempting to make it easier for more senior level staff and researchers to reach the threshold where network usage is more pleasure and less pain. A critical mass of knowhow needed to be built into the department to ensure progress and growth. In the absence of this critical mass of knowhow a vicious circle sets in - effective support is not available as enough knowhow is not there, there are not enough users as there is not enough support, and knowhow is not developing as there are so few users.

On the technical front our major concerns were:

(1) Operational: managing the IP-address space, detecting and tracing duplicate IP-addresses, unauthorized IP-addresses, monitoring status and usage of dial-in ports, the servers, the department LAN segments, maintaining an online and updated map of the department network down to the leaf node.

(2) Security: Detecting unauthorized users within the department. There have been instances of complaints from outside the department of illegal usage from users inside the department. Defending against attacks from outside the department.


[4. The Approach]

4.1 Human network organization

Fig.4


The actual network management staff of the department was very much constrained due to lack of manpower. Recruiting and assigning new staff is a difficult proposition, more so when the task is managing something as intangible as the Internet. There was very little that could be done by the network management staff by operating independently and in isolation. Thus, the authors adopted the strategy of building a multi-layered support structure. Each layer supported a specific group of users, and together this multi-layer structure comprised the network management group of the department. The role of the network management staff was to coordinate the working of the three layers and to ensure that progress was being made in the right directions. In the following we describe each group and its role in the network management structure.

  1. Students layer
    This group comprised volunteers from among the students. They were the fastest in learning and adapting to the Internet. They have also been the most active and effective in spreading the Internet. The activity of this layer covered a wide span. The student volunteers:
    • Instructed roughly 300 students a year on how to use network applications like mailers and browsers
    • Studied and understood network management, discussed real problems and issues, and also sought solutions
    • Provided user support in the computer room and students' laboratories
    • Maintained and supervised a students' web-site
    It is worth noting that the students themselves developed a very effective user authentication and certification system [6] for using the public resources in the computer room. In its present state the system is reasonably robust. This was the result of several trials and errors and numerous upgrades which the students carried out very willingly and with a spirit of challenge.

  2. Support staff from network-literate departments, e.g. Information Sciences
    In some matters it was imperative to obtain assistance. We sought to develop a close relationship with students of other network-literate departments like Information Sciences and Electrical Engineering. The students were glad to work part-time. Their assistance amounted to tens of hours of part-time service per month. This group provided a good pool of knowhow, and the student volunteers gained much from interactions with these folks. Their activity mainly consisted of:
    • Administration of network servers
    • Technical advice to student volunteers

  3. Network Researchers
    We were in close contact with network researchers, whom we consulted on a regular basis on matters like the most appropriate network configuration, applications and devices. We found it much easier to discuss with this group of academically inclined people than with people with commercial interests. These people essentially assisted us by:
    • counseling on network systems
    • drawing up network monitoring and data collection requirements
    • helping us analyze and understand network data
    • educating student volunteers


4.2 Technical approach

In our perception the challenge of the Internet is one of distribution and dissemination: distributed information collection and distributed information dissemination. For the distributed network information collection and management system we designed and developed KOBAN, and for distributed network information access we designed NetSkate. In the following we describe the two systems.

4.2.1 The KOBAN system

The basic idea was the development of a distributed monitoring system based on the Japanese KOBAN (street-corner police box) system.

Fig.5

In short, a simple home-grown network monitoring agent was placed in every segment of the department's network. These agents report to a set of supervisory agents.


Design and Implementation of KOBAN

Fig.6


The Distributed Network Management System consists of a monitoring AGENT for each of the network segments and a few Supervisory AGENTS. The monitoring agents are responsible for monitoring their respective network segments for information such as the addresses (IP/MAC) of all the connected machines, interface status and traffic flows. They may also be programmed to collect dynamic configuration information and intrusion related information. The supervisory agents are responsible for collating the information received from the monitors and for seeking additional information as and when the need arises.

Fig.7


The general tasks of the monitoring agent are given below:


The general tasks of the supervisory agent are given below:


The general features of the KOBAN system are

  1. Supports the standard management protocol, SNMP, with all its security features built in
  2. Special MIBs are built in to support distributed operations.
  3. It is scalable and robust. The distributed nature ensures that one part of the network does not affect the operation of another part. Moreover, multiple supervisors ensure that there is no single point of failure.


The major areas of relief provided by the KOBAN system are

  1. Duplicate IP addresses are promptly detected and accurately located. The KOBAN agents monitor all the devices and their MAC addresses in the delegated segment. With some new users connecting devices to the network and assigning arbitrary addresses, the problem of duplicate IP addresses has been a major irritant in the department.
  2. Detecting illegal devices in the department. All devices that need to be connected to the network are required to have their MAC addresses registered at the office. Using the reports from the KOBANs, the supervisor looks up the MAC address registry database to decide whether that is a legal address or a spurious one. Moreover, using the report of network usage of the registered devices, it has now become possible to take care of external claims of illegal accesses launched from the department's network.
  3. Managing the network configuration. Statistics of the inter-segment and intra-segment network traffic provide important input to the network (re)configuration activities.
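The following is an added illustration of the supervisory-agent logic described in this section and in the design description above (per-segment monitors report the IP/MAC pairs they see; a supervisor collates the reports). It is not the KOBAN project's own code: the segment names, the MAC registry, the monitor reports and the traffic flows are all constructed here, and the 192.0.2.0/24 and 198.51.100.0/24 ranges are documentation addresses. It shows how collated reports expose a duplicate IP address together with the segment each claimant was seen on, how a MAC that is absent from the office registry is flagged, and how flows are split into intra-segment, inter-segment and external traffic.

```python
"""Supervisory-agent style collation of per-segment monitor reports (added
example, not KOBAN's code). All reports, registry entries and flows below are
constructed for illustration; segment names are hypothetical."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    segment: str  # hypothetical name of the segment whose monitor reported it
    ip: str
    mac: str


# Constructed registry: the office registers one MAC per approved device.
REGISTRY = {
    "00:00:5e:00:53:01": "prof-a-notebook",
    "00:00:5e:00:53:02": "grad-room-pc-1",
    "00:00:5e:00:53:03": "seminar-room-pc",
    "00:00:5e:00:53:04": "library-pc-1",
}

# Constructed monitor reports, in the order the supervisor received them.
REPORTS = [
    Observation("seg-teachers", "192.0.2.10", "00:00:5e:00:53:01"),
    Observation("seg-grad", "192.0.2.20", "00:00:5e:00:53:02"),
    Observation("seg-grad", "192.0.2.10", "00:00:5e:00:53:99"),  # second MAC claiming .10
    Observation("seg-seminar", "192.0.2.30", "00:00:5e:00:53:03"),
    Observation("seg-library", "192.0.2.40", "00:00:5e:00:53:04"),
    Observation("seg-seminar", "192.0.2.20", "00:00:5e:00:53:02"),  # same MAC, moved room
]

# Constructed flow records: (source IP, destination IP, bytes).
FLOWS = [
    ("192.0.2.30", "192.0.2.40", 1500),    # seminar -> library: inter-segment
    ("192.0.2.20", "192.0.2.30", 800),     # both last seen on seg-seminar: intra-segment
    ("192.0.2.40", "198.51.100.7", 300),   # peer never reported by any monitor: external
]


def normalize_mac(mac: str) -> str:
    """Canonical lower-case colon form so registry lookups ignore case and separators."""
    return mac.strip().lower().replace("-", ":")


def find_duplicate_ips(reports):
    """Return {ip: {mac: sorted segments}} for every IP claimed by more than one MAC.

    One MAC seen on two segments with the same IP (a notebook carried to another
    room) is not a duplicate; two different MACs claiming one IP is.
    """
    seen = defaultdict(lambda: defaultdict(set))
    for obs in reports:
        seen[obs.ip][normalize_mac(obs.mac)].add(obs.segment)
    return {ip: {mac: sorted(segs) for mac, segs in macs.items()}
            for ip, macs in seen.items() if len(macs) > 1}


def find_unregistered(reports, registry):
    """Return sorted (mac, ip, segment) triples whose MAC is not in the registry."""
    registered = {normalize_mac(m) for m in registry}
    return sorted((normalize_mac(o.mac), o.ip, o.segment)
                  for o in reports if normalize_mac(o.mac) not in registered)


def segments_of_mac(reports, mac):
    """Segments on which a MAC was seen, so a duplicate can be located physically."""
    mac = normalize_mac(mac)
    return sorted({o.segment for o in reports if normalize_mac(o.mac) == mac})


def segment_traffic(reports, flows):
    """Tally bytes as intra-segment, inter-segment or external.

    The IP-to-segment map is learned from the reports; the most recent report
    for an IP wins. A flow whose endpoint no monitor has seen is counted as
    external (hypothetical label).
    """
    ip_to_seg = {o.ip: o.segment for o in reports}
    totals = {"intra": 0, "inter": 0, "external": 0}
    for src, dst, nbytes in flows:
        s, d = ip_to_seg.get(src), ip_to_seg.get(dst)
        if s is None or d is None:
            totals["external"] += nbytes
        elif s == d:
            totals["intra"] += nbytes
        else:
            totals["inter"] += nbytes
    return totals


if __name__ == "__main__":
    for ip, macs in find_duplicate_ips(REPORTS).items():
        print(f"duplicate IP {ip}:")
        for mac, segs in macs.items():
            print(f"  {mac} ({REGISTRY.get(mac, 'UNREGISTERED')}) seen on {', '.join(segs)}")
    for mac, ip, seg in find_unregistered(REPORTS, REGISTRY):
        print(f"unregistered MAC {mac} using {ip} on {seg}")
    print("traffic by scope:", segment_traffic(REPORTS, FLOWS))
```

The per-segment monitor supplies only what it can see locally (IP, MAC, segment); the cross-segment view, which is what makes a duplicate locatable and a spurious MAC recognisable, exists only at the supervisor, which is why the registry lookup and the duplicate check live there rather than in the monitors.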

4.2.2 NetSkate

The main design philosophy of NetSkate [2] is to make the access of network information as open and easy as possible. Network management related information is not the exclusive domain of network operators, managers and professionals. The user on the net should also have access to network management information, to understand the network better, to feel more familiar with the network and its "quirks", and to be able to use it less stressfully and more efficiently. More specifically, knowing what the configuration of the network really is does help in making the network less alien and abstruse to the user. The available commercial packages in general did not meet this requirement. One of the major design decisions was to make the network information accessible through the available and familiar browser interface. Thus users do not need any special software to access the network related information online and in real time.

Fig.8

Presently NetSkate serves information on [5]

  1. Network Configuration
  2. Historical network traffic
  3. Online network traffic
  4. Interface status of the main network devices in the network
  5. Mail statistics
  6. Web Statistics
Using NetSkate, network operators could understand the dynamics and the utility of the network well. For example, some of the notable inferences were:

[5. Conclusion]

To promote Internet awareness and usage in a network-illiterate domain the authors adopted a two pronged strategy. On one hand, a human network organization to build network awareness and skills at the grassroots was developed. This involved building a multi-layer support structure from scratch. This has probably been the single most important strategic decision that has led to the successful promotion of the Internet in the department. On the other hand, we concentrated on the development of tools to suit "our" needs as "network-illiterate" administrators. These tools provided a framework for more open access to network information and were critical in spreading network awareness among users and administrators alike. The net result has been reasonably rewarding. The network size has grown by 1000%, the budget has increased by 500% and user coverage is near 100%. We believe that the Economics department model and related findings will be useful to other Internet-under-developed institutions, organizations and regions.


REFERENCES

[1] SuperTAINS, http://www.tohoku.ac.jp/TAINS/SuperTAINS/index-j.html
[2] NetSkate: Design principles. Glenn Mansfield et al. Technical note, Cyber Solutions, March 1999.
[3] Network Maps: Synthesis and Applications, G. Mansfield, K. Jayanthi, A. Ashir, N. Shiratori, Proceedings of APSITT'99, Ulaanbaatar, Mongolia, August 1999.
[4] Towards trapping wily intruders in the large, Glenn Mansfield et al., 2nd Int'l Workshop on Recent Advances in Intrusion Detection (RAID99), Indiana, USA, September 1999.
[5] NetSkate, http://netskate.econ.tohoku.ac.jp/
[6] KEIKO system: Design principles. K. Sugawara et al., Technical report E008, August 1999.