Upload
yousef-emami
View
472
Download
0
Embed Size (px)
Citation preview
May 3, 2023 1
Remote Network Monitoring
Speaker: Yousef Emami
December 22th,2013 [email protected]
Shiraz University of Technology,CE&IT Faculty,Network Management
2
Agenda RMON: Remote Network Monitoring RMON1 RMON1 groups The RMON1 MIB Brief Notes Capabilities of RMON1 How Does RMON2 Work? Mission Diagram of the RMON2 MIB The RMON2 MIB Capabilities of RMON2 Salient Feature RMON Components RMON Probe RMON Support in Ethernet switches NAM Traffic Analyzer Case Study RMON 2 in catalyst 5000 HC RMON ATM RMON Monitor Gigabit Communication from the Edge to the Core SMON LoriotPro Reference
May 3, 2023 Shiraz University of Technology,CE&IT Faculty,Network Management
May 3, 2023 3
RMON: Remote Network Monitoring
The most important addition to the basic set of SNMP standards is the RMON (Remote Network MONitoring) standard, RFC 1271.
RMON is a major step forward in internetwork management.
It defines a remote-monitoring MIB that supplements MIB-II and provides the network manager with vital information about the internetwork.
RMON1 focused on OSI Layer 1 and Layer 2 information in Ethernet and Token Ring networks. It has been extended by RMON2 which adds support for Network-and Application-layer monitoring and by SMON (Oracle System MONitor) which adds support for switched networks.
Shiraz University of Technology,CE&IT Faculty,Network Management
May 3, 2023 4
RMON1
With the RMON1 MIB, network managers can collect information from re-mote network segments for the purposes of troubleshooting and performance Monitoring.
The RMON1 MIB provides:
Current and historical traffic statistics for a network segment, for aspecific host on a segment, and between hosts (matrix).
A versatile alarm and event mechanism for setting thresholds and noti-fying the network manager of changes in network behavior.
A powerful, flexible filter and packet capture facility that can be usedto deliver a complete, distributed protocol analyzer.
Shiraz University of Technology,CE&IT Faculty,Network Management
May 3, 2023 5
RMON1 groups
Shiraz University of Technology,CE&IT Faculty,Network Management
May 3, 2023 6
The RMON1 MIB :
1.Statistics: real-time LAN statistics, e.g., utilization, collisions, CRC errors.
2. History: history of selected statistics.
3. Alarm: definitions for RMON SNMP traps to be sent when statistics exceed defined thresholds.
4. Hosts: host specific LAN statistics, e.g., bytes sent/received, frames sent/received.
5. Hosts top N: record of N most active connections over a given time period.
6. Matrix: the sent-received traffic matrix between systems.
7. Filter: defines packet data patterns of interest, e.g., MAC address or TCP port.
8. Capture: collect and forward packets matching the Filter.
9. Event: send alerts (SNMP traps) for the Alarm group.
10. Token Ring: extensions specific to Token Ring.
Shiraz University of Technology,CE&IT Faculty,Network Management
May 3, 2023 7
Brief Notes An RMON implementation typically operates in a client/server model.
Monitoring devices (commonly called “probes” in this context) contain RMON software agents that collect information and analyze packets. These probes act as servers and the Network Management applications that com-municate with them act as clients.
Probes have more responsibility for data collection and processing, whichreduces SNMP traffic and the processing load of the clients.
Information is only transmitted to the management application when re-quired, instead of continuous polling.
Shiraz University of Technology,CE&IT Faculty,Network Management
May 3, 2023 8
Brief Notes
RMON is designed for “flow-based” monitoring, while SNMPis often used for “device-based” management.
RMON is similar to other flow-based monitoring technologies such as NetFlow and SFlow because the data collected deals mainly with traffic patterns rather than the status of individual devices.
One disadvantage of this system is that remote devices shoulder more of the management burden and require more resources to do so. Some devices balance this trade-off by implementing only a subset of the RMON MIB groups (see below). A minimal RMON agent implementation could support only statistics, history, alarm, and event.
Shiraz University of Technology,CE&IT Faculty,Network Management
May 3, 2023 9
Capabilities of RMON1
Without leaving the office, a network manager can watch the traffic ona LAN segment, whether that segment is physically located around thecorner or around the world.
Deploying network management staff resources more efficiently meansthat one expert at a central site can be working on several problems bygetting information from several probes at remote sites.
Network managers desperately need tools that can leverage their re-sources and increase their scope of control. RMON1 does just that.
Shiraz University of Technology,CE&IT Faculty,Network Management
May 3, 2023 10
How Does RMON2 Work?
RMON2 follows client/server model
Applications communicating to the "server" agents using the Simple Network Management Protocol (SNMP).
RMON2 agents will be found in dedicated devices and/or embedded in network infrastructure devices.
With the increased volume of traffic statistics being collected by RMON2, the processor power and memory of the agent will be very important considerations.
Shiraz University of Technology,CE&IT Faculty,Network Management
Remote Monitoring in the ISO Model Going Up-the-stack With RMON2
May 3, 2023 Shiraz University of Technology,CE&IT Faculty,Network Management 11
Mission
May 3, 2023 Shiraz University of Technology,CE&IT Faculty,Network Management 12
Diagram of the RMON2 MIB
May 3, 2023Shiraz University of Technology,CE&IT Faculty,Network Management
13
May 3, 2023 14
The RMON2 MIB
1. Protocol Directory: list of protocols the probe can monitor.2. Protocol Distribution: traffic statistics for each protocol.3. Address Map: maps network-layer (IP) to MAC-layer addresses.4. Network-Layer Host: layer 3 traffic statistics, per each host.5. Network-Layer Matrix: layer 3 traffic statistics, per source/destinationpairs of hosts6. Application-Layer Host: traffic statistics by application protocol, per host.7. Application-Layer Matrix: traffic statistics by application protocol, per source/destination pairs of hosts.8. User History: periodic samples of user-specified variables.9. Probe Configuration: remote config of probes.10. RMON Conformance: requirements for RMON2 MIB conformance
Shiraz University of Technology,CE&IT Faculty,Network Management
LoriotPro Source Destination Matrix
May 3, 2023 Shiraz University of Technology,CE&IT Faculty,Network Management 15
May 3, 2023 16
Capabilities of RMON2
Higher Layer Statistics
Address Translation
User-Defined History
Improved Filtering
Probe Configuration
Shiraz University of Technology,CE&IT Faculty,Network Management
Salient Feature
The TimeFilter mechanism allows an NMS to reduce the number transactions required for a 'table-update' operation, by retrieving only the rows that have changed since a specified time (usually the last poll time).
No direct way in SNMP, but RMON2 has a mechanism
Value Added Data
May 3, 2023 Shiraz University of Technology,CE&IT Faculty,Network Management 17
RMON Components
May 3, 2023 Shiraz University of Technology,CE&IT Faculty,Network Management 18
RMON Probe Data gatherer :A physical device RMON Probe are built into many high-end switches and routers. Data analyzer Processor that analyzes data
Figure 4:RMON Components
May 3, 2023 19
RMON Probes
The RMON probe also called RMON agent is a dedicated device including hardware or software or it can be software embedded into a network device like a router or a switch.
RMON probe can also be software running on a standard operating system like Windows or Linux. The application and the agent communicate across the network using the Simple Network Management Protocol (SNMP).
Shiraz University of Technology,CE&IT Faculty,Network Management
May 3, 2023 20
RMON support in the switch
The RMON probe functions may be present (embedded) in the network switches (Ethernet) and provide partial or full support of some RMON groups.
Shiraz University of Technology,CE&IT Faculty,Network Management
May 3, 2023 21
Port MirroingPort mirroring is used on a network switch to send a copy of all network packets seen on one switch port (or an entire VLAN) to a network monitoring connection on another switch port.
Shiraz University of Technology,CE&IT Faculty,Network Management
May 3, 2023 Shiraz University of Technology,CE&IT Faculty,Network Management
22
In-line tapsIn-line taps are inserted directly into network link (copper wire or fiber). They split or copy the signals from both channels (full duplex) and retransmit the data streams hack out to the probe.
May 3, 2023 Shiraz University of Technology,CE&IT Faculty,Network Management 23
RMON Support in Ethernet switches
May 3, 2023 Shiraz University of Technology,CE&IT Faculty,Network Management 24
NAM Traffic Analyzer
The Network Analysis Module (NAM) is an interface card installed in the Catalyst 6000 and 6500 Series switches and Cisco 3660, 3700 Series, 2800 and 3800 Series routers, and select models of the 2600. The NAM monitors and analyzes network traffic using remote monitoring (RMON), RMON Extensions for Switched Networks (SMON), and other management information bases (MIBs).
The NAM Traffic Analyzer is software that is embedded in the NAM that gives you browser-based access to the RMON1, RMON2, SMON, and voice monitoring features of the NAM.
May 3, 2023 Shiraz University of Technology,CE&IT Faculty,Network Management 25
Case Study
Catalyst 5000 Family Network Analysis Module
Fully Integrated RMON/RMON2
The network analysis module is completely integrated into the Catalyst 5000 Family switch and shares the switch’s management IP address and Simple Network Management Protocol (SNMP) community strings for seamless access between mini-RMON and the extended RMON/RMON2 groups on the network analysis module.
No external data cables, power cords, or console connections are required. The network analysis module consumes a single slot and can be installed into any Catalyst 5000, 5500,5505, or 5509 chassis running Supervisor Engine software release 4.3 or higher
May 3, 2023 Shiraz University of Technology,CE&IT Faculty,Network Management 26
RMON 2 in catalyst 5000
May 3, 2023 Shiraz University of Technology,CE&IT Faculty,Network Management 27
High-Capacity RMON
The HCRMON system provides:
A direct, passive link into the data stream, offering an independent,proven, and trusted view of network traffic.
Full adherence to all 21 RMON groups, including HCRMON for complete data collection.
Compatibility to any RMON management console or collection facility
May 3, 2023 Shiraz University of Technology,CE&IT Faculty,Network Management 28
ATM RMON ATM Forum extended RMON to ATM ATM RMON provides cell-based (per-host and per-conversation) traffic information. ATM devices require cell-based measurements and statistics. Probe should be able to handle high speed
May 3, 2023 Shiraz University of Technology,CE&IT Faculty,Network Management 29
Monitor Gigabit Communication from the Edge to the Core
May 3, 2023 Shiraz University of Technology,CE&IT Faculty,Network Management 30
RMON Extensions for Switched Networks (SMON)
SMON is a plug-in for hosts ,operating systems and hardware.
The System Monitoring Plug-in for Hosts for Operating System and Hardware delivers comprehensive monitoring, administration and configuration management capabilities for Windows, Linux and Unix servers, significantly reducing the complexity and cost associated with managing operating system environments.
May 3, 2023 Shiraz University of Technology,CE&IT Faculty,Network Management 31
LoriotPro RMON
Group Description
Protocol Directory Lists the inventory of protocols that the probe can monitor
Protocol Distribution Collects the number of octets and packets for protocols detected on a network segment
Network Layer Host Counts the amount of traffic sent from and to each network address discovered by the probe
Network Layer Matrix Counts the amount of traffic sent between each pair of network addresses discovered by the probe
Application Layer Host Counts the amount of traffic, by protocol, sent from and to each network address discovered by the probe
Application Layer MatrixCounts the amount of traffic, by protocol, sent between each pair of network addresses discovered by the probe
User History Periodically samples user-specified variables and logs the data based on user-defined parameters
Probe Configuration Defines standard configuration parameters for RMON probes
Address Map
May 3, 2023 Shiraz University of Technology,CE&IT Faculty,Network Management 32
May 3, 2023 33
Thank you for your kind attention
?
Shiraz University of Technology,CE&IT Faculty,Network Management
May 3, 2023
Reference
[1] Jianguo Ding ,”Advances in Network Management”, Auerbach Publications,2013
[2] Remote Monitoring 2, http://tools.ietf.org/html/draft-ietf-rmonmib-rmon2-v2-05,2013
[3] Catalyst 5000 Family Network Analysis Module
http://www.cisco.com/en/US/products/hw/switches/ps679/products_data_sheet09186a008072ad96.htm l,2013[4] User Guide for Cisco Network Analysis Module Traffic Analyzer, http://
www.cisco.com/en/US/docs/net_mgmt/network_analysis_module_software/3.6/user/guide/users.html ,2013
[5] SMON ,http://docs.oracle.com/cd/B16240_01/doc/nav/plugins.html,2103
[6] Remote Monitoring MIB Extensions for ATM Networks, http://www.broadband-forum.org/,2013
[7] RMON GUI - Remote network MONitoring Administrator handbook http://www.loriotpro.com/Products/RMON_GUI/225-RMON_Probes_EN.html,2013
[8] Gigabit Network Analysis , www.networkinstruments.co.uk,2013
Shiraz University of Technology,CE&IT Faculty,Network Management 34