1
00:00:00,320 --> 00:00:07,860
In event-based systems, the network management protocols work very differently to query-based systems.

2
00:00:08,010 --> 00:00:14,910
In any event-based system, the network management system simply listens for possible announcements or

3
00:00:14,910 --> 00:00:17,270
events to be sent over the wire.

4
00:00:18,000 --> 00:00:22,050
Typically network management protocols that leverage these types of events.

5
00:00:22,060 --> 00:00:26,720
So either syslog-based or SNMP trap-based.

6
00:00:26,820 --> 00:00:34,480
Now they are all controllable in terms of the amount of detail that you receive from devices on your network.

7
00:00:34,560 --> 00:00:42,490
So as an example, on a Cisco router you could enable debugging, which produces a very large amount of data.

8
00:00:42,600 --> 00:00:47,220
There's a lot of low level detail that's generated with the debugging.

9
00:00:47,490 --> 00:00:53,290
You may not necessarily want that amount of data pushed to your network management system.

10
00:00:53,370 --> 00:00:59,520
One of the issues here is if you receive a large amount of data who's going to sift through the data

11
00:00:59,910 --> 00:01:06,780
to make meaningful decisions on the data that was received? So you don't want to just enable lots of

12
00:01:06,780 --> 00:01:13,990
event-based information that's sent to your syslog server. One of the advantages of event-based systems

13
00:01:14,170 --> 00:01:17,170
is that they can react very quickly.

14
00:01:17,170 --> 00:01:22,870
In other words, if any event takes place on the network, the network management system can act on that

15
00:01:22,870 --> 00:01:29,820
event immediately rather than waiting for a polling interval to expire. As an example,

16
00:01:29,880 --> 00:01:36,450
if you are polling a router interface for its status every five minutes, then you would know that that

17
00:01:36,450 --> 00:01:42,970
interface is up whenever the poll is done, or query is done, in a query-based system.

18
00:01:43,200 --> 00:01:49,410
But if the interface goes down just after you polled it, it may take another five minutes for you to

19
00:01:49,410 --> 00:01:55,740
realize that the interface went down. When your network management system polls the router every five

20
00:01:55,740 --> 00:02:03,000
minutes, it will receive back a positive response from the router confirming that the interface is up, as

21
00:02:03,000 --> 00:02:03,950
an example.

22
00:02:04,140 --> 00:02:09,840
That's typically done using a network management protocol such as SNMP, so you know the interface is

23
00:02:09,840 --> 00:02:15,840
operational because you've queried the router. If you don't get a response from the router, then you know

24
00:02:15,840 --> 00:02:17,460
there's a problem.

25
00:02:17,460 --> 00:02:23,340
But the downside of a query-based system is that you're only polling it every five minutes.

26
00:02:23,340 --> 00:02:30,090
If the interface went down immediately after you had polled the router, it could take up to five minutes

27
00:02:30,570 --> 00:02:37,230
for you to realize that there's a problem on the interface of that router, whereas in an event-based

28
00:02:37,230 --> 00:02:44,000
system an SNMP trap or syslog message is sent immediately when the interface goes down.

29
00:02:44,010 --> 00:02:49,710
So in this case the router is informing the network management system that there's a problem, rather than

30
00:02:49,710 --> 00:02:56,040
the network management system having to wait a five-minute interval to query the router for the status

31
00:02:56,040 --> 00:02:56,900
of an interface.

32
00:02:57,920 --> 00:03:01,700
Now there is a downside to event based systems.

33
00:03:01,700 --> 00:03:08,120
The network management protocols are not reliable because the network management system is simply passively

34
00:03:08,120 --> 00:03:12,600
waiting and listening for events to be sent to it.

35
00:03:12,770 --> 00:03:18,710
It wouldn't know if there was a problem on the network if that event didn't reach the network management

36
00:03:18,710 --> 00:03:19,920
system.

37
00:03:20,000 --> 00:03:26,090
So if there's a network issue, or an interface went down, that prevents the syslog message or SNMP

38
00:03:26,090 --> 00:03:32,720
trap from getting to the network management system, the network management system would be unaware of

39
00:03:32,720 --> 00:03:37,250
the problem without explicitly polling the network device.
