View
243
Download
0
Category
Tags:
Preview:
Citation preview
1
RMON
2
RMON
RMON is a set of standardized MIB variables that monitor networks. Even if RMON initially referred to only the RMON MIB, the term RMON now is often used to refer to the concept of remote monitoring and to the entire series of RMON MIB extensions
3
RMON Goal
The initial goal of RMON was to: monitor network traffic in a local-area
network (LAN) environment to provide comprehensive information for
network fault diagnosis, planning, and performance tuning to network administrators.
4
RMON approach
RMON implements a passive collection approach that measures specific aspects of the traffic without interfering by adding monitoring traffic.
5
RMON devices
RMON can be implemented in network elements, such as Cisco routers and switches, or it can be deployed using dedicated RMON probes
6
DataAnalyzer
RMONProbe
BACKBONENETWORK
SNMPTraffic
SNMPTraffic
LAN
RouterRouter
• RMON Probe• Data gatherer - a physical device
• Data analyzer• Processor that analyzes data
7
FDDIBackbone Network
Remote Token Ring LANNMS
Router Bridge
Token RingProbe
EthernetProbe
Local LAN
Figure 8.1 Network Configuration with RMONs
Router withRMON
Router
Remote FDDI LAN
FDDI Probe
8
• Note that RMON is embedded monitoring remote FDDI LAN• Analysis done in NMS
9
RMON Benefits
• Monitors and analyzes locally and relays data; Less load on the network• Needs no direct visibility by NMS; More reliable information• Permits monitoring on a more frequent basis and hence faster fault diagnosis• Increases productivity for administrators
10
RMON 1 limitation
Although RMON became successful, implementations made it clear that monitoring on OSI Layer 2 was limited when monitoring wide-area network (WAN) traffic (OSI Layer 3 and above)
11
RMON 2
RMON version 2 (RMON 2) is an extension to RMON version 1 (RMON 1), which refers to the initial RMON specifications monitoring on OSI Layer 2. RMON 2 focuses on the layers of traffic above the Media Access Control (MAC) layer; the main enhancement of RMON 2 is the capability to measure Layer 3 network traffic and application statistics.
12
13
14
RMON groups start with identifier 1.3.6.1.2.1.16
15
rmonConformance (20)
probeConfig (19)
usrHistory (18)
rmon (mib-2 16)
statistics (1)
history (2)
alarm (3)
host (4)
hostTopN (5)
matrix (6)
filter (7)
capture (8)
event (9)
Figure 8.2 RMON Group
a1Matrix (17)
a1Host (16)
n1Matrix (15)
n1Host (14)
addressMap (13)
protocolDist (12)
protocolDir (11)
Token Ring (10)
RMON1 Extension
RM
ON
1
RM
ON
2
16
• RMON1: Ethernet RMON groups (rmon 1 - rmon 9)• RMON1: Extension: Token ring extension (rmon 10)• RMON2: Higher layers (3-7) groups (rmon 11 - rmon 20)
17
RMON 1
Group number
Group name
1 rmon 1 Statistics
2 rmon 2 History
3 rmon 3 Alarms
4 rmon 4 Hosts
5 rmon 5 HostTopN
6 rmon 6 Traffic Matrix
7 rmon 7 Filters
8 rmon 8 Packet Capture
9 rmon 9 Events
10 rmon 10 Token Ring
18
RMON 1
• Ten groups divided into three categories
• Statistics groups (rmon 1, 2, 4, 5, 6, and
10))
• Event reporting groups (rmon 3 and 9)
• Filter and packet capture groups(romon 7
and 8)
19
Group name Super group
Statistics
Statistics groups
History
Hosts
HostTopN
Traffic Matrix
Token Ring
AlarmsEvent reporting groups
Events
FiltersFilter and packet capture groups
Packet Capture
20
RMON 1 Statistics groups
RMON 1 Group
Function Elements
Statistics
Contains statistics measured by the RMON probe for each monitored interface on this device.(objects )
Packets dropped, packets sent, bytes sent (octets), broadcast packets, multicast packets, CRC errors, runts, giants, fragments, jabbers, collisions, and counters for packets ranging from 64 to 128, 128 to 256, 256 to 512, 512 to 1024, and 1024 to 1518 bytes.
History Records periodic statistical samples from a network and stores them for later retrieval.
Sample period, number of samples, items sampled
21
RMON 1 Statistics groups
RMON 1 Group
Function Elements
Hosts Contains statistics associated with each host discovered on the LAN.
Host MAC address, packets, and bytes received and transmitted, as well as number of broadcast, multicast, and error packets.
HostTopN
Prepares tables that describe the hosts that top a list ordered by one of their base statistics over an interval specified by the management station. Thus, these statistics are rate-based
Statistics, host(s), sample start and stop periods, rate base, and duration.
22
RMON 1 Statistics groups
RMON 1 Group
Function Elements
Traffic Matrix
Stores statistics for conversations between sets of two MAC addresses. As the device detects a new conversation, it creates a new entry in its table.
Source and destination MAC address pairs and packets, bytes, and errors for each conversation.
Token Ring
Provides additional statistics for Token Ring networks.
RingProvides additional statistics for Token Ring networks.MAC layer statistics, promiscuous statistics, MAC layer history, promiscuous history, ring station order table, alarms, events.
23
RMON 1 Event reporting groups
RMON 1 Group
Function Elements
Alarms Periodically takes statistical samples from variables in the probe and compares them with previously configured thresholds. If the monitored variable crosses a threshold, an event is generated.
Includes the alarm table: alarm type, interval, starting threshold, stop threshold.Note: The Alarms group requires the implementation of the Events group.
Events Controls the generation and notification of events from this device.
Event type, description, the last time the event was sent.
24
RMON 1 Filter and packet capture groups
RMON 1 Group
Function Elements
Filters Enables packets to be matched by a filter equation. These matched packets form a data stream that might be captured or that might generate events
Bit-filter type (mask or not mask), filter expression (bit level), conditional expression (and, or, not) to other filters.
Packet Capture
Enables packets to be captured Size of buffer for captured packets, full status (alarm), and number of captured packets.
25
RMON 1 Tables
Group OID Function TablesStatistics rmon 1 Link level statistics -etherStatsTable
-etherStats2TableHistory rmon 2 Periodic statistical data
collection and storage for laterretrieval
-historyControlTable-etherHistoryTable-historyControl2Table-etherHistory2Table
Alarm rmon 3 Generates events when the datasample gathered crosses pre-established thresholds
-alarmTable
Host rmon 4 Gathers statistical data on hosts -hostControlTable-hostTable-hostTimeTable-hostControl2Table
HostTopN rmon 5 Computes the top N hosts onthe respective categories ofstatistics gathered
-hostTopNcontrolTable
Matrix rmon 6 Statistics on traffic between pairof hosts
-matrixControlTable-matrixSDTable-matrixDSTable-matrixControl2Table
Filter rmon 7 Filter function that enablescapture of desired parameters
-filterTable-channelTable-filter2Table-channel2Table
PacketCapture
rmon 8 Packet capture capability togather packets after they flowthrough a channel
-buffercontrolTable-captureBufferTable
Event rmon 9 Controls the generation ofevents and notifications
-eventTable
TokenRing
rmon 10 See Table 8.3 See Table 8.3
26
RMON summery
The principles of RMON are as follows:• It is a set of standardized MIB variables monitoring
networks.• It offers information that lets administrators analyze network
utilization, including data and error statistics.• RMON 1 includes only data link layer (Layer 2) details.• RMON 2 offers network layer to application layer details
(Layer 3 and up).• Collection data is accessible via SNMP.• The MIB objects are intended as an interface between a
network agent and a management application; they are not intended for direct manipulation by humans. These functions should be handled by the network management application.
Recommended