1

RMON

2

RMON

RMON is a set of standardized MIB variables that monitor networks. Even if RMON initially referred to only the RMON MIB, the term RMON now is often used to refer to the concept of remote monitoring and to the entire series of RMON MIB extensions

3

RMON Goal

The initial goal of RMON was to: monitor network traffic in a local-area

network (LAN) environment to provide comprehensive information for

network fault diagnosis, planning, and performance tuning to network administrators.

4

RMON approach

RMON implements a passive collection approach that measures specific aspects of the traffic without interfering by adding monitoring traffic.

5

RMON devices

RMON can be implemented in network elements, such as Cisco routers and switches, or it can be deployed using dedicated RMON probes

6

DataAnalyzer

RMONProbe

BACKBONENETWORK

SNMPTraffic

SNMPTraffic

LAN

RouterRouter

• RMON Probe• Data gatherer - a physical device

• Data analyzer• Processor that analyzes data

7

FDDIBackbone Network

Remote Token Ring LANNMS

Router Bridge

Token RingProbe

EthernetProbe

Local LAN

Figure 8.1 Network Configuration with RMONs

Router withRMON

Router

Remote FDDI LAN

FDDI Probe

8

• Note that RMON is embedded monitoring remote FDDI LAN• Analysis done in NMS

9

RMON Benefits

• Monitors and analyzes locally and relays data; Less load on the network• Needs no direct visibility by NMS; More reliable information• Permits monitoring on a more frequent basis and hence faster fault diagnosis• Increases productivity for administrators

10

RMON 1 limitation

Although RMON became successful, implementations made it clear that monitoring on OSI Layer 2 was limited when monitoring wide-area network (WAN) traffic (OSI Layer 3 and above)

11

RMON 2

RMON version 2 (RMON 2) is an extension to RMON version 1 (RMON 1), which refers to the initial RMON specifications monitoring on OSI Layer 2. RMON 2 focuses on the layers of traffic above the Media Access Control (MAC) layer; the main enhancement of RMON 2 is the capability to measure Layer 3 network traffic and application statistics.

12

13

14

RMON groups start with identifier 1.3.6.1.2.1.16

15

rmonConformance (20)

probeConfig (19)

usrHistory (18)

rmon (mib-2 16)

statistics (1)

history (2)

alarm (3)

host (4)

hostTopN (5)

matrix (6)

filter (7)

capture (8)

event (9)

Figure 8.2 RMON Group

a1Matrix (17)

a1Host (16)

n1Matrix (15)

n1Host (14)

addressMap (13)

protocolDist (12)

protocolDir (11)

Token Ring (10)

RMON1 Extension

RM

ON

1

RM

ON

2

16

• RMON1: Ethernet RMON groups (rmon 1 - rmon 9)• RMON1: Extension: Token ring extension (rmon 10)• RMON2: Higher layers (3-7) groups (rmon 11 - rmon 20)

17

RMON 1

Group number

Group name

1 rmon 1 Statistics

2 rmon 2 History

3 rmon 3 Alarms

4 rmon 4 Hosts

5 rmon 5 HostTopN

6 rmon 6 Traffic Matrix

7 rmon 7 Filters

8 rmon 8 Packet Capture

9 rmon 9 Events

10 rmon 10 Token Ring

18

RMON 1

• Ten groups divided into three categories

• Statistics groups (rmon 1, 2, 4, 5, 6, and

10))

• Event reporting groups (rmon 3 and 9)

• Filter and packet capture groups(romon 7

and 8)

19

Group name Super group

Statistics

Statistics groups

History

Hosts

HostTopN

Traffic Matrix

Token Ring

AlarmsEvent reporting groups

Events

FiltersFilter and packet capture groups

Packet Capture

20

RMON 1 Statistics groups

RMON 1 Group

Function Elements

Statistics

Contains statistics measured by the RMON probe for each monitored interface on this device.(objects )

Packets dropped, packets sent, bytes sent (octets), broadcast packets, multicast packets, CRC errors, runts, giants, fragments, jabbers, collisions, and counters for packets ranging from 64 to 128, 128 to 256, 256 to 512, 512 to 1024, and 1024 to 1518 bytes.

History Records periodic statistical samples from a network and stores them for later retrieval.

Sample period, number of samples, items sampled

21

RMON 1 Statistics groups

RMON 1 Group

Function Elements

Hosts Contains statistics associated with each host discovered on the LAN.

Host MAC address, packets, and bytes received and transmitted, as well as number of broadcast, multicast, and error packets.

HostTopN

Prepares tables that describe the hosts that top a list ordered by one of their base statistics over an interval specified by the management station. Thus, these statistics are rate-based

Statistics, host(s), sample start and stop periods, rate base, and duration.

22

RMON 1 Statistics groups

RMON 1 Group

Function Elements

Traffic Matrix

Stores statistics for conversations between sets of two MAC addresses. As the device detects a new conversation, it creates a new entry in its table.

Source and destination MAC address pairs and packets, bytes, and errors for each conversation.

Token Ring

Provides additional statistics for Token Ring networks.

RingProvides additional statistics for Token Ring networks.MAC layer statistics, promiscuous statistics, MAC layer history, promiscuous history, ring station order table, alarms, events.

23

RMON 1 Event reporting groups

RMON 1 Group

Function Elements

Alarms Periodically takes statistical samples from variables in the probe and compares them with previously configured thresholds. If the monitored variable crosses a threshold, an event is generated.

Includes the alarm table: alarm type, interval, starting threshold, stop threshold.Note: The Alarms group requires the implementation of the Events group.

Events Controls the generation and notification of events from this device.

Event type, description, the last time the event was sent.

24

RMON 1 Filter and packet capture groups

RMON 1 Group

Function Elements

Filters Enables packets to be matched by a filter equation. These matched packets form a data stream that might be captured or that might generate events

Bit-filter type (mask or not mask), filter expression (bit level), conditional expression (and, or, not) to other filters.

Packet Capture

Enables packets to be captured Size of buffer for captured packets, full status (alarm), and number of captured packets.

25

RMON 1 Tables

Group OID Function TablesStatistics rmon 1 Link level statistics -etherStatsTable

-etherStats2TableHistory rmon 2 Periodic statistical data

collection and storage for laterretrieval

-historyControlTable-etherHistoryTable-historyControl2Table-etherHistory2Table

Alarm rmon 3 Generates events when the datasample gathered crosses pre-established thresholds

-alarmTable

Host rmon 4 Gathers statistical data on hosts -hostControlTable-hostTable-hostTimeTable-hostControl2Table

HostTopN rmon 5 Computes the top N hosts onthe respective categories ofstatistics gathered

-hostTopNcontrolTable

Matrix rmon 6 Statistics on traffic between pairof hosts

-matrixControlTable-matrixSDTable-matrixDSTable-matrixControl2Table

Filter rmon 7 Filter function that enablescapture of desired parameters

-filterTable-channelTable-filter2Table-channel2Table

PacketCapture

rmon 8 Packet capture capability togather packets after they flowthrough a channel

-buffercontrolTable-captureBufferTable

Event rmon 9 Controls the generation ofevents and notifications

-eventTable

TokenRing

rmon 10 See Table 8.3 See Table 8.3

26

RMON summery

The principles of RMON are as follows:• It is a set of standardized MIB variables monitoring

networks.• It offers information that lets administrators analyze network

utilization, including data and error statistics.• RMON 1 includes only data link layer (Layer 2) details.• RMON 2 offers network layer to application layer details

(Layer 3 and up).• Collection data is accessible via SNMP.• The MIB objects are intended as an interface between a

network agent and a management application; they are not intended for direct manipulation by humans. These functions should be handled by the network management application.