(More) Effectively Managing your MPLS VPNs with IBM Tivoli Network Manager V3.9
Written by Matt Duggan, Senior Technical Staff Member
MPLS VPNs have become the de facto standard for providing virtual private networks across the WAN for service providers, governments and enterprises. MPLS is now a well-established technology, but managing VPN services in MPLS environments is still a challenge due to the complexity and scale of typical MPLS networks.
IBM Tivoli Network Manager has had an MPLS discovery and management capability for a while, and this has been enhanced with additional capabilities over a number of releases. Today I'm going to talk about how the next release of ITNM, v3.9, can increase operator efficiency and reduce the time taken to repair faults via three new capabilities: enhanced OAM (Operations, Administration & Maintenance) tooling, "links as 1st class objects" and enhanced "Service Affecting Events".
The OAM 'WebTool' infrastructure in ITNM v3.9 has been subject to a major overhaul that paves the way for more out-of-the-box content and greater exploitation of this important capability. The ITNM WebTool infrastructure allows operators to run ITNM server-local executables or sequences of CLI commands against network devices via Telnet and, new to 3.9, SSH by exploiting the device communications infrastructure. ITNM v3.9 also introduces the WebTool infrastructure to Microsoft Windows platforms for the first time.
Out-of-the-box, ITNM ships a number of OAM tools, including MPLS troubleshooting and diagnostic tools, which are accessible in-context from the devices displayed in the ITNM GUIs. The WebTool infrastructure makes it easy to add new tools to ITNM by adding XML files that describe the action of the tool (Local Executable/Telnet/SSH) including expected parameters, their types, default values, and how the output of the tool should be presented to the operator via HTML templates. Once the tool has been defined, it can be run via the CLI of the ITNM server or added to the right-click menu hierarchy for contextual-launches from the ITNM GUIs.
The value for MPLS management of the new WebTool infrastructure is that operators can be provided with a single tool that automates the running of numerous parameterised CLI commands against multiple devices in one invocation of the tool. This saves a huge amount of time, given that operators don't need to manually log in to the device(s) and run each potentially parameterised command. For instance, Cisco suggests that the following tasks be performed on each device when troubleshooting MPLS, all of which can be automated: Verify That Routing Protocol Runs, Verify CEF Switching, Verify MPLS, Ping the Neighbours, Verify Label Distribution, Verify Label Bindings, Verify That Labels Are Set.
The second capability, "links as 1st class objects", is a major improvement in ITNM’s visualization and contextual OAM (Operations, Administration & Maintenance) tooling. ITNM v3.9 significantly expands on previous capabilities by allowing operators to determine network link capacity and state at a glance via variable line thicknesses, line colour-coding and status annotations. In addition, ITNM v3.9 gives operators the ability to invoke OAM tools in-context of a selected link, so they can, for instance, ping both ends of an IP addressed link with a single mouse-click.
For MPLS networks, the value of determining link capacity, state and enhanced OAM tooling is that operators immediately gain link-specific status information and that they can invoke complex sequences of troubleshooting and diagnostic tools in-context of MPLS-related connections.
For instance, if a Provider Edge (PE)-to-Customer Edge (CE) connection fails, ITNM shall colour-code and state-annotate the failed link and provide the operator with the opportunity to run OAM tools in-context of the specific connection. In the case of an MPLS VPN, this could include running CLI commands on the PE router and retrieving customer contact information for the site where the CE device is located.
The last improvement is an enhancement to ITNM’s MPLS-related event correlation capabilities. ITNM recently introduced 'Service Affecting Event' (SAE) functionality that, alongside standard Root Cause Analysis (RCA), puts network service context around events relating to the managed network, such as a PE-CE link failure being considered to affect a specific VPN.
ITNM v3.9 expands on the existing SAE correlation capabilities by being able to exploit a separate list of discovered ITNM resources that a defined service is considered to depend on. For instance, an MPLS VPN between two sites will have PE router interfaces in the VPN's Virtual Routing & Forwarding (VRF) instances, but also a separate dependency on the interfaces that the PE router uses to connect to the Provider-Core (P) router in the network.
The first adoption of this new capability is realized by a new ITNM discovery agent and enhanced MPLS VPN objects that include the list of PE->P and P->PE router facing interfaces for each VPN. This allows ITNM to take into account an 'extra hop' into the network when determining whether or not a specific VPN has been affected.
The value of this capability to the operator is that a seemingly separate interface problem on a PE or P-router can be associated with VPN instances using the specific pair of interfaces to connect the PE router to the P router in the core of the network, even if the PE router is multi-homed.
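A simplified model of the 'extra hop' correlation described above, added here as an illustration and not taken from ITNM: the `Vpn` class, the function names and every device and interface name are constructed for the example. PE1 is multi-homed to P1 and P2, and each VPN lists only the PE/P interface pair it actually uses.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Vpn:
    name: str
    vrf_interfaces: frozenset      # PE interfaces in the VPN's VRFs
    core_dependencies: frozenset   # PE->P and P->PE facing interfaces


def build_index(vpns):
    """Invert the VPN objects: interface -> {(vpn name, relation)}."""
    index = defaultdict(set)
    for vpn in vpns:
        for ifc in vpn.vrf_interfaces:
            index[ifc].add((vpn.name, "vrf"))
        for ifc in vpn.core_dependencies:
            index[ifc].add((vpn.name, "dependency"))
    return index


def affected_vpns(index, event_interface):
    """Return {vpn name: set of relations} for an event on one interface."""
    hits = defaultdict(set)
    for vpn_name, relation in index.get(event_interface, ()):
        hits[vpn_name].add(relation)
    return dict(hits)


# Constructed topology: (device, interface) tuples identify interfaces.
VPNS = [
    Vpn("VPN_A",
        frozenset({("PE1", "Gi0/0/1"), ("PE2", "Gi0/0/1")}),
        frozenset({("PE1", "Te0/1/0"), ("P1", "Te0/0/0"),
                   ("PE2", "Te0/1/0"), ("P1", "Te0/0/1")})),
    Vpn("VPN_B",
        frozenset({("PE1", "Gi0/0/2")}),
        frozenset({("PE1", "Te0/1/1"), ("P2", "Te0/0/0")})),
]
INDEX = build_index(VPNS)

if __name__ == "__main__":
    for event in [("PE1", "Gi0/0/1"), ("P1", "Te0/0/0"),
                  ("P2", "Te0/0/0"), ("P2", "Te0/0/9")]:
        print(event, "->", affected_vpns(INDEX, event))
```

An event on the P1-facing pair is tied to VPN_A only, although PE1 also has an uplink to P2; an interface that no VPN lists returns no service impact.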
I hope you've found this post about how ITNM can more effectively manage your mission-critical MPLS VPN services informative and useful.