CITM600, Module 9 - Proactive Network Management https://de.torontomu.ca/de_courses/templates/m/?c=37588C655CA22...

Introduction
Network management is an important task that is often overlooked because most network
administrators do not realize the importance of proper network management. A properly managed
network saves time and money in the long run. It can help an organization analyze current network
behaviour, apply upgrades appropriately, and troubleshoot any problems with upgrades. However,
network management consumes network bandwidth since it requires collecting data from the devices
of the network.

Machine learning is applied to many domains nowadays. Machine learning is applied for network
management as well. Now the question is: has Network Management benefitted from the application
of Machine Learning? Read this article for a detailed idea about the impact of Machine Learning On
Network Management.

Please read the article and answer the following questions:

Quiz
1. How is machine learning helping network management?
a. Machine learning algorithms can predict potential network problems before they
happen.
b. Machine learning algorithms can pinpoint capacity requirements early.
c. Machine learning algorithms can identify user network problems.
d. Machine learning algorithms can make recommendations to fix the problems.
e. All of the given options.

Check Your Answer

2. Machine learning uses the data that is already running throughout the network.
a. True
b. False

Check Your Answer

This module discusses the different network management processes and the application of machine
learning algorithms to improve network management processes.

1 of 12 2025-07-04, 10:01 p.m.

CITM600, Module 9 - Proactive Network Management https://de.torontomu.ca/de_courses/templates/m/?c=37588C655CA22...

Topics and Learning Objectives

Topics
Network Management Design
Proactive Network Management
Fault Management
Configuration Management
Accounting Management
Performance Management
Security Management
Network Management Protocol: SNMP
Machine Learning
Machine Learning to manage Fault, Configuration, Accounting, Performance, and Security
(FCAPS)

Learning Objectives
Describe the importance of Network Management
Discuss the Network management processes FCAPS
Explain the working principle of the SNMP protocol
Identify the use of Machine Learning for FCAPS
Calculate the Network Traffic Caused by Network Management

Readings

Reading

Required Readings
Parziale, L., Liu, W., Matthews, C., Rosselot, N., Davis, C., Forrester, J., & Britt, D. T.
(2006). TCP/IP Tutorial and Technical Overview
Chapter 17: Network Management

2 of 12 2025-07-04, 10:01 p.m.

CITM600, Module 9 - Proactive Network Management https://de.torontomu.ca/de_courses/templates/m/?c=37588C655CA22...

Priscilla, O. (2011). Top-Down Network Design, 3rd edition

Chapter 9: Developing Network Management Strategies

Ayoubi, S., Limam, N., Salahuddin, M. A., Shahriar, N., Boutaba, R., Estrada-Solano, F.,
& Caicedo, O. M. (2018). Machine learning for cognitive network management. IEEE
Communications Magazine, 56(1), 158–165.

Recommended Readings
Overview of SNMP and its configuration, Cisco Press.
Mathew, A. (2020), Artificial Intelligence for Intent-Based Networking. International
Journal of Computer Science Trends and Technology (IJCST) – Volume, 8.

Proactive Network Management

Network management can be proactive or reactive. Proactive management is desirable since it gives
an early warning about the issues. Proactive management involves monitoring network devices about
their status and performances. For management purposes, we need to collect the data from the
network devices. Collecting too little data may not be enough to conclude network issues. On the
other hand, collecting too much data might not always be very useful, unnecessary, and a waste of
bandwidth. Therefore, a tradeoff is desirable. An appropriate tool can make the task easier.

Proactive management means checking the network’s health during normal operation to recognize
potential problems, optimize performance, and plan upgrades. Statistical results can be compared
with the expected availability, response time, throughput, and usability.

Network Management Processes

Network management tasks are organized into five areas: Fault management, configuration
management, accounting management, performance management, and security management. Now
let’s describe each of these management processes:

Fault management

Fault management includes detecting, isolating, reporting, diagnosing, and correcting problems.
Monitoring tools use protocols such as Simple Network Management Protocol (SNMP) and
Remote Monitoring (RMON) and automatically report faults to the network manager. Most
operating systems report forms with detailed information about the faults.

Configuration management

3 of 12 2025-07-04, 10:01 p.m.

CITM600, Module 9 - Proactive Network Management https://de.torontomu.ca/de_courses/templates/m/?c=37588C655CA22...

Configuration management helps keep track of network devices and maintain information about
their configuration. It helps easy management of the configuration settings with different
versions. Dynamic configuration protocols (such as DHCP) reduce the workload of network
managers on configuration management.

Accounting management

Accounting management facilitates usage-based billing, whereby individual departments or

projects are charged for network services. Accounting network usage can be useful to catch
departments or individuals who “abuse” the network. The abuse could be intentional (for
example, a disgruntled employee or former employee causing network problems) or
unintentional (people playing network games do not intend to harm the network but could cause
excessive traffic). A practical reason to track unexpected traffic growth is so that the traffic can
be considered during the next capacity-planning phase.

Performance management

Performance management helps measure network performance and guarantee the quality of
service. It helps the service provider monitor and ensures service quality based on the service-
level agreement. Two types of performance should be monitored:

Tab Panels (expanded):

Tab: End-to-end performance

It measures performance across the internetwork. It can measure availability, capacity,

utilization, delay, delay variation, throughput, reachability, response time, errors, etc.

Tab: Component performance

Measures the performance of individual links or devices. For example, throughput and
utilization on a particular network segment can be measured. Additionally, routers and
switches can be monitored for throughput (packets per second), memory and CPU
usage, and errors.

Security management

4 of 12 2025-07-04, 10:01 p.m.

CITM600, Module 9 - Proactive Network Management https://de.torontomu.ca/de_courses/templates/m/?c=37588C655CA22...

Security management allows a network manager to maintain and distribute passwords and other
authentication and authorization information. Security management also includes processes for
generating, distributing, and storing encryption keys. One important feature of security
management is collecting, storing, and examining security audit logs.

Network Management Architecture

Network management involves continuous monitoring of devices, automatically collecting data, and
generating reports. A network management architecture consists of three major components.

Tab Panels (expanded):

Tab: A managed device

A network node that collects and stores management information.

Managed devices can be routers, servers, switches, bridges, hubs, end systems, or printers.

Tab: An agent

An agent is network management software that resides in a managed device. It tracks local
management information and uses a protocol such as SNMP to send information to network
management systems.

Tab: A network management system (NMS)

It runs applications to display management data, monitor and control managed devices, and
communicate with agents. An NMS is generally a powerful workstation that has sophisticated
graphics, memory, storage, and processing capabilities. The NMS is typically located in a
network operations centre (NOC).

5 of 12 2025-07-04, 10:01 p.m.

CITM600, Module 9 - Proactive Network Management https://de.torontomu.ca/de_courses/templates/m/?c=37588C655CA22...

Figure 9.1: Network Management Architecture.

Source: Priscilla, O. (2011)

Figure 9.1 illustrates the network management architecture. It shows the relationship between
managed devices, agents, and NMSs. In the diagram, the NMS monitors and controls the three
managed devices. Each managed device has an agent software installed, and the NMS
communicates with the agent software.

In-Band Versus Out-of-Band Monitoring

The primary purpose of a network is to carry user data from one node to another. Network
management data is not user data and is considered overhead. It can be carried from the managed
hosts to the network management system (NMS) through the same path as the data-carrying path
called in-band monitoring. In-band monitoring is easy to develop but consumes user bandwidth,
affected by any network issue such as fault, congestion, etc.

The network management data can be carried from the managed hosts to the network management
system (NMS) through a path other than the data-carrying path called out-of-band monitoring. Out-of-
band monitoring is complex, expensive, and poses an additional security risk. However, it is not
affected by issues in the data network. Some manufacturers have added separate management ports
to their devices. Out-of-band management uses a separate network (different from the data network)
for transporting management data to the management system from each managed device.

6 of 12 2025-07-04, 10:01 p.m.

CITM600, Module 9 - Proactive Network Management https://de.torontomu.ca/de_courses/templates/m/?c=37588C655CA22...

Centralized Versus Distributed Monitoring

Network management can be centralized or distributed. In a centralized monitoring architecture, all
NMSs reside in one area of the network, often in a corporate NOC. Agents are distributed across the
internetwork and send data such as ping and SNMP responses to the centralized NMSes. The data is
sent via out-of-band or in-band paths.

Distributed monitoring means that NMSes and agents are spread out across the internetwork. A
hierarchical distributed arrangement can be used whereby distributed NMSes send data to
sophisticated centralized NMSes using a manager-of-managers (MoM) architecture. A centralized
system that manages distributed NMSes is sometimes called an umbrella NMS.

Network Management Tools

Several network management protocols and tools are available for managing and monitoring
networks. Among them, the popular ones are Simple Network Management Protocol (SNMP),
Remote Monitoring (ROMON), Cisco NetFlow, and Cisco Discovery Protocol (CDP).

Video
Please watch the video Network Monitoring Tools [8:07] and answer the following questions:

Quiz
1. Which one is used to monitor packet flow?
a. SNP
b. Interface monitoring
c. Port scanner
d. NetFlow
e. None of the given options.

Check Your Answer

2. Port scanners can be used to determine the up/down status of a device.

a. True
b. False

7 of 12 2025-07-04, 10:01 p.m.

CITM600, Module 9 - Proactive Network Management https://de.torontomu.ca/de_courses/templates/m/?c=37588C655CA22...

Check Your Answer

Network Management Protocol: SNMP

SNMP is an application-layer communication protocol that allows network devices to exchange
management information among the devices in the same network and with other devices outside the
network. Through SNMP, network administrators can manage network performance, find and solve
network problems, and plan network growth.

An SNMP-managed network consists of a management system, agents, and managed devices. A

management system executes monitoring applications and controls managed devices. Management
systems execute most of the management processes and provide the bulk of memory resources
used for network management. A network might be managed by one or several management
systems. An SNMP agent residing on each managed device translates local management information
data – such as performance data or event and error data – into a readable form for the management
system.

Machine Learning
Machine learning (ML) is a popular technique for extracting knowledge from data. Using analytical
experimentation, ML is used to find the probability of a certain outcome. ML is learning through
reasoning based on probability mathematics. ML can be used for automating network operations and
management. ML goes beyond learning or extracting knowledge to utilizing it and improving it with
experience. Essentially, ML is applied to problems that can be solved using inference and have large
representative training data. Fundamental to ML is feature extraction, which determines the best
discriminators for learning and inference.

Machine Learning to Manage FCAPS

For FCAPS management, different ML techniques are employed. ML models are applied for proactive
fault prediction, fault localization, and automated mitigation to minimize downtime and human
intervention. ML models are applied for configuration management. As the network state constantly
changes, network managers are constantly configuring the network to adapt to these changes, which
is a cumbersome and error-prone process. ML can help automate this process by training models to
identify optimal state-action pairs as the network behaviour changes over time. ML models can be
applied to the accounting data to analyze usage data for fraud detection. ML models can predict
traffic load and quality of service correlation for proactive and adaptive network performance
management. For security management, ML models are used for anomaly detection, threat detection,
etc. The following table lists the machine learning techniques used in FCAPS.

8 of 12 2025-07-04, 10:01 p.m.

CITM600, Module 9 - Proactive Network Management https://de.torontomu.ca/de_courses/templates/m/?c=37588C655CA22...

Table 9.1: Sample machine learning techniques used in FCAPS.

Management area Management function Machine learning techniques

Fault Fault prediction NN, k-NN, k-Means, DT, BN,

SVM

Fault localization NN, k-NN, k-Means, DT

Automated mitigation BN, SVM

Configuration Adaptive resource allocation Q-Learning, Deep

Adaptive service configuration Q-Learning

Accounting Fraud detection Linear regression

Performance Traffic load and metrics NN, BN, SVM

prediction

QoE-QoS correlation DT, BN, SVM, Q-learning

Security Misuse detection NN, DT, BN, SVM

Anomaly detection NN, DNN, k-NN, k-means,

DT, Ensemble BN, SVM

Source: Ayoubi, S., et al. (2018)

Summary
One of the goals of a network designer is to help the customer to develop some strategies and
processes for implementing network management. The customer will need help selecting tools and
products to implement the strategies and processes. This module discusses the processes and tools
to meet customers’ goals for network manageability. We have also discussed how machine learning
models are used for network management. Management is often overlooked when designing a
network because it is considered an operational issue rather than a design issue. However, by
considering network management upfront, instead of tacking it on at the end of the design process or
after the network is already operational, the design will be more scalable and robust.

Self-test Questions

Quiz
1. Proactive management means checking the network’s health during normal

9 of 12 2025-07-04, 10:01 p.m.

CITM600, Module 9 - Proactive Network Management https://de.torontomu.ca/de_courses/templates/m/?c=37588C655CA22...

operation.
a. True
b. False

Check Your Answer

2. A network administrator noticed a large performance degradation of the network

after he started a network monitoring application for the entire network. He wants
to ensure that the management data are collected without any issue. What should
the administrator do?
a. Ask the users to reduce network load.
b. Upgrade the routers.
c. Set up an out-of-band management network.
d. Hire an assistant.
e. None of the given options.

Check Your Answer

3. The software installed in a managed device that sends management data to the
management system is called:
a. A device monitor.
b. An agent.
c. A monitoring system.
d. The control center.
e. None of the given options.

Check Your Answer

4. The machine learning technique SVM is used for fault prediction.

a. True
b. False

Check Your Answer

5. In out-of-band monitoring, data can be carried from the managed hosts to the
network management system (NMS) through the same path as the data-carrying

10 of 12 2025-07-04, 10:01 p.m.

CITM600, Module 9 - Proactive Network Management https://de.torontomu.ca/de_courses/templates/m/?c=37588C655CA22...

path.
a. True
b. False

Check Your Answer

Discussion

Discussion
Research and share your findings in an initial post on the D2L Module 9 Discussion Board by
Wednesday, and respond to at least one of your peers’ posts by 11:59 p.m. EST on Friday of
this week on the following topic:

Research a network management product or tool of your choice. Describe the product or tool.

You must also comment on at least one of your peers’ posts.

Please Note
Each week's discussion board will be open from Saturday at 12:01 a.m. EST to the
following Friday at 11:59 p.m. EST. The forum will be locked for further participation
after each respective Friday.

References
Parziale, L., Liu, W., Matthews, C., Rosselot, N., Davis, C., Forrester, J., & Britt, D. T. (2006).
TCP/IP Tutorial and Technical Overview, Chapter 17: Network Management.
Priscilla, O. (2011). Top-Down Network Design, 3rd edition: Chapter 9: Developing Network
Management Strategies.
Ayoubi, S., Limam, N., Salahuddin, M. A., Shahriar, N., Boutaba, R., Estrada-Solano, F., &
Caicedo, O. M. (2018). Machine learning for cognitive network management. IEEE
Communications Magazine, 56(1), 158–165.

11 of 12 2025-07-04, 10:01 p.m.

CITM600, Module 9 - Proactive Network Management https://de.torontomu.ca/de_courses/templates/m/?c=37588C655CA22...

Overview of SNMP and its configuration, Cisco Press.

Mathew, A. (2020), Artificial Intelligence for Intent-Based Networking (PDF download).
International Journal of Computer Science Trends and Technology (IJCST) – Volume, 8.

12 of 12 2025-07-04, 10:01 p.m.