Post on 04-Apr-2018
7/30/2019 Remote monitoring in SNMP
Information Engineering and Technology Faculty
Department of Networks
German University in Cairo
Assignment One
Group names:
Aalaa Othman 13-3691 T-6
Salma Youssef 13_553 T-8
Monica Akladious 13-8196 T-6
Karim Ali 13-4364 T-8
Submission Date: May 22nd, 2012
Table of Contents
Remote Monitoring
How is RMON beneficial in network management?
RMON 1 and RMON 2
RMON1
RMON1 Groups
Token Ring extensions to RMON MIB
RMON2
Capabilities of RMON2
RMON2 Groups
Probes
Remote Monitoring
The success of SNMP management made managing the components of a network popular. SNMPv1 established the basis for remotely monitoring a network from a network operations center (NOC) and for carrying out configuration and error management. However, the degree to which network performance could be managed was restricted. A network's performance is usually described statistically. This led to measuring the statistics of the significant network parameters from the NOC and to developing the remote monitoring features.
RMON was introduced to address the problem of managing LAN segments and remote sites from a central location. It is a specification that allows different network monitors and console systems to exchange network monitoring data. It enables network administrators to choose consoles and probes whose features satisfy their networking requirements.
The monitors and probes mentioned above are the remote network monitoring devices; they are used mainly for running and observing a network. Probes are mostly separate devices that dedicate most of their resources to managing a network. An organization can use a large number of these devices, up to one device per network segment, to manage its internet. A probe can also manage a geographically remote network, for example for the support center of a service provider or for the central support organization of a company that oversees a remote site.
Initially, RMON devices were dedicated to executing the RMON MIB modules. Eventually, cards were introduced that added RMON capabilities to a switch, hub or router, and RMON also became a software capability added to the software of a network device, as well as a software application that can run on clients or servers. Although the scenarios addressed differed, the main function of RMON as a dedicated network management tool was offered in all of them. These functions were initially designed to operate in promiscuous mode, capturing packets on network segments. Eventually they were implemented so that they no longer rely only on promiscuous packet capture: more procedures for collecting data were introduced, and promiscuous mode became one of many options for gathering data.
How is RMON beneficial in network management?
The following section explains the main advantages of using RMON in network management.
1. Offline Operation
The management station does not stay in constant contact with its remote monitoring devices, mainly to reduce communication costs. A probe is therefore set up to gather statistics continuously even when the management station itself is not functioning efficiently, and to try to alert the station if an exceptional condition takes place. This allows the management station to be kept informed about performance, fault and configuration information continuously and efficiently.
2. Proactive Monitoring
If the resources are available on the monitor, it should run diagnostics and record information about network performance. Since the monitor is always available at the onset of any fault in the network, it can immediately inform the station about the failure and can log statistical information about it, which the station can use for further analysis to find the main cause of the failure.
3. Problem Detection and Reporting
The monitor can be configured to recognize the error conditions that occur most often and to check for them continuously. As soon as one of these conditions takes place, the event is recorded and the stations are alerted about it.
4. Value Added Data
A remote monitoring device is a network resource dedicated to managing the network, and since it is placed on the part of the network being monitored, it can add value to the data it gathers. For example, by identifying the hosts that generate the largest amount of faults and traffic, the probe can provide the management station with the information and statistics needed to diagnose the issues that take place.
5. Multiple Managers
A single organization can have more than one management station, in order to offer recovery from failures and disasters and to serve different tasks and units in the organization. Because this case is likely to exist, the remote monitoring device has to communicate with more than one management station, possibly using its resources concurrently.
RMON 1 and RMON 2
There are two versions of RMON: RMONv1 and RMONv2. RMON1 defined 10 MIB groups for monitoring the network, which are used by the most recent network hardware. RMON2, on the other hand, concentrates on traffic at the layers above the MAC layer: it focuses on IP and application-level traffic. It enables packet monitoring on all network layers, unlike RMON1, which operates only at the MAC layer and the layer below, as shown in Figure 1.
Figure 1: Layers that RMON1 and RMON2 focus on
RMON1
RMON1 mainly operates at layer 2 and delivers gathered statistics about the link layer in various ways. It also helps in generating alerts and alarms in case certain thresholds are reached, and it helps in capturing packet contents. With the RMON1 MIB, the managers of a network can gather important data from different segments of the network in order to observe the network's performance and resolve the faults that occur.
The RMON1 MIB offers past and present traffic statistics for a network segment and between different hosts, and it provides a flexible alert mechanism for setting thresholds and informing the network manager about any changes in the performance of the network. RMON1 can be used as a protocol analyzer. RMON1 consists of 10 MIB groups, described in the next section.
The figure below shows the RMON1 groups.
Figure 2: RMON1 groups
RMON1 Groups
1. The Ethernet Statistics Group: It contains the statistics measured by the probe for the Ethernet interfaces it observes. It consists of the Ethernet statistics table, which holds the number of packets sent and dropped, checksum errors, fragments, packet counters, etc.
2. The History Control Group: It controls the statistical sampling of data from different sorts of network media.
3. The Ethernet History Group: It saves the periodic statistical samples that the Ethernet network provides and keeps them to be retrieved later. It includes the count of the sampled items and the total number of samples.
4. The Alarm Group: It retrieves statistical samples from variables in the probe and compares them to the thresholds that have been set up; if one of these variables reaches the given threshold, it creates an event. It contains the alarm table and defines the types of alarms generated and the values of the starting and stopping thresholds.
5. The Host Group: It includes statistics for each host found on the network. It discovers hosts by building a list of the source and destination MAC addresses observed in good packets captured from the network. It contains the address of the host and its multicast, broadcast and error packets.
6. The HostTopN Group: This group is used to prepare reports about the hosts that top a list ordered by one of their statistics. The statistics provided are samples of one of the base statistics over a time interval defined by the station; as a result, the statistics are rate based. The station also decides how many such hosts are reported. This group includes hosts, sample start and stop periods, statistics and rate base.
7. The Matrix Group: It records statistics for the conversations between two MAC addresses. As soon as the device detects a new conversation, it creates a new entry in its tables. It contains the destination and source address pairs and the errors generated with each pair.
8. The Filter Group: It enables packets to be matched by a filter equation. The matched packets form a data stream that can be captured or can be used to notify the network about events that took place. It contains the type of the bit-filter, the bit level, and the conditional expression of the filters.
9. The Packet Capture Group: It captures packets after they pass through a channel. It includes information about the size of the buffer that holds the captured packets and the total number of captured packets.
10. The Event Group: This group generates events from the device and notifies the network when they take place. It contains information about the event type and the last time the event was detected in the network.
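The Alarm Group's starting and stopping thresholds work as a hysteresis pair. The following is an added example, not part of the original assignment and not code from any RMON agent; the class, the function names and the poll values are constructed, and startup is assumed to allow a rising event only.

```python
RISING, FALLING = "rising", "falling"

class Alarm:
    """One alarm row: a sampled variable with rising and falling thresholds."""

    def __init__(self, rising, falling, delta=True):
        if falling > rising:
            raise ValueError("falling threshold must not exceed rising threshold")
        self.rising, self.falling, self.delta = rising, falling, delta
        self.prev_raw = None             # last polled counter (delta sampling)
        self.prev_value = None           # last value compared to the thresholds
        self.armed = {RISING, FALLING}   # event types still allowed to fire

    def sample(self, raw):
        """Feed one polled value; return RISING, FALLING or None."""
        if self.delta:
            if self.prev_raw is None:    # first poll: no difference to compare yet
                self.prev_raw = raw
                return None
            value = (raw - self.prev_raw) % 2**32   # survive a 32-bit counter wrap
            self.prev_raw = raw
        else:
            value = raw
        prev, self.prev_value = self.prev_value, value
        # Assumption: startup behaves like "rising alarm only", so the first
        # value may raise a rising event but never a falling one.
        up = value >= self.rising and (prev is None or prev < self.rising)
        down = value <= self.falling and prev is not None and prev > self.falling
        if up and RISING in self.armed:
            self.armed = {FALLING}       # no second rising event until a falling one
            return RISING
        if down and FALLING in self.armed:
            self.armed = {RISING}
            return FALLING
        return None


def alarm_events(polls, rising, falling):
    """Return [(poll index, event)] for the events fired over a poll series."""
    alarm = Alarm(rising, falling)
    fired = [(i, alarm.sample(raw)) for i, raw in enumerate(polls)]
    return [(i, e) for i, e in fired if e]


def naive_events(polls, rising):
    """Plain threshold test without hysteresis, for comparison."""
    deltas = [(b - a) % 2**32 for a, b in zip(polls, polls[1:])]
    return [i + 1 for i, d in enumerate(deltas) if d >= rising]


# Constructed sample: an interface error counter polled once per interval.
POLLS = [1000, 1010, 1150, 1290, 1350, 1500, 1510, 1700]

if __name__ == "__main__":
    print(alarm_events(POLLS, rising=100, falling=20))
    print(naive_events(POLLS, rising=100))
```

With hysteresis the sustained burst at polls 2 to 5 produces a single rising event, where the plain threshold test alerts on every interval above the limit.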
Token Ring extensions to RMON MIB
The functions implemented in the RMON1 MIB were mainly specific to Ethernet media. To support Token Ring media, new objects had to be implemented in this extension, and the MIB also introduced monitoring functions exclusive to Token Ring. The extension contains several groups, each of which is responsible for a specific task.
RMON2
RMON2 extends the architecture of RMON1 by bringing RMON diagnostics up to the application layer, as mentioned earlier. It is important to know, however, that RMON2 is not a replacement for RMON1. Both are in use, each performing a different task: RMON1 offers data for protocol analysis and segment monitoring, while RMON2 offers data for application and network monitoring.
The most useful capability of RMON2 is its focus on monitoring the layers above the MAC layer, which delivers a view of the network as a whole instead of dealing with a single segment.
Capabilities of RMON2
1. Higher Layer Statistics: It provides the host and matrix tables provided by RMON1, but at the network and application layers. By monitoring these statistics, the manager can see which clients are communicating with which servers.
2. Address Translation: It binds MAC-layer addresses to network-layer addresses, which are much simpler to read and remember. The translation helps the network manager in defining topology maps and helps in discovering duplicate IP addresses.
3. Improved Filtering: Since RMON2 supports higher-layer protocols, extra filters are needed so that the user can configure filters easily and more efficiently.
4. Probe Configuration: RMON2 enables one vendor's application to remotely configure another vendor's probe.
RMON2 Groups
The RMON2 groups are protocol directory, protocol distribution, address mapping, network layer host, network layer matrix, application layer host, application layer matrix, user history and probe configuration.
First, the Protocol Directory lets an RMON2 application establish which protocols a particular RMON2 agent implements, which is particularly important when the application and the agent do not come from the same vendor. To understand this, remember that many protocols run on one network, some well known and some customized for a particular application; any RMON2 solution therefore had to provide a framework that supports them all. The Protocol Directory concept separates the protocol definition from the table structure where the protocol traffic information is stored.
Second, the protocol distribution group collects aggregate statistics on the traffic generated by each protocol per LAN segment. It also maps the data collected by a probe to the correct protocol name, which the network manager can then view.
Third, the address mapping group translates between MAC-layer addresses and network-layer addresses, the latter being much easier to read and hence to remember. This results in enhanced topology maps, since it both helps the network manager and supports the SNMP management platform.
Structure of the address map group:
Figure 3: addmap group

| Sub-OID | Object | Description |
|---|---|---|
| (1) | Inserts | Number of times an address mapping entry has been inserted into the data table. |
| (2) | Deletes | Number of times an address mapping entry has been deleted from the data table. |
| (3) | MaxDesiredEntries | Desired maximum number of entries in the address map table. Note: An entry of -1 denotes any number of entries. |

Fourth, the network layer host group lets the manager look beyond the router to the connected hosts by monitoring the traffic into and out of hosts. It collects layer 3 traffic statistics, based on the network-layer address. It hence controls both the network-layer and application-layer host tables.
Fifth, the network layer matrix group stores and retrieves network-layer statistics for conversations between pairs of addresses, based on the network-layer addresses. These statistics show the protocol-specific traffic between communicating pairs of systems, enabling the network manager to debug network problems faster and more accurately. Not only can a server be detected as "dead" because it is not transmitting packets, but the network manager can also diagnose the tougher problem faced when the server is "alive" but a specific protocol stack is faulty.
Sixth, the application layer host group holds a set of statistics for a protocol from a certain network address that has been discovered on the device's interface.
Structure of AppHost Group:
Figure 4

| Sub-OID | Object | Description |
|---|---|---|
| (1) | TimeMark | Time filter for this entry. |
| (2) | InPkts | Number of error-free packets of this protocol type transmitted to this address since it was added to the table. |
| (3) | OutPkts | Number of error-free packets of this protocol type transmitted by this address since it was added to the table. |
| (4) | InOctets | Number of octets of this protocol type transmitted to this address since it was added to the table, excluding packets with errors. |
| (5) | OutOctets | Number of octets of this protocol type transmitted by this address since it was added to the table, excluding packets with errors. |
| (6) | CreateTime | Value of sysUpTime when this entry was activated. |

Seventh, the application layer matrix group stores and retrieves application-layer traffic statistics, based on the application-layer protocol, per source/destination pair of hosts, for conversations between pairs of addresses. For every conversation between a pair of hosts, the statistics relate to the traffic between those hosts for each protocol.
Eighth, the probe configuration group defines standard configuration parameters for the agent's capability, software revision, reset control (which can be either warm boot or cold boot) and the trap destination table, which is a list of trap recipient IP hosts. This standard configuration feature enables one vendor's RMON application to remotely configure another vendor's RMON probe.
Structure of probeConfig group:

| Sub-OID | Object | Description |
|---|---|---|
| (1) | probeCapabilities | Indicates what rmon groups are supported. |
| (2) | probeSoftwareRev | Software revision of this device: this string will have zero length if the revision is unknown. |
| (3) | probeHardwareRev | Hardware revision of this device. |
| (4) | probeDateTime | Probe's current date and time. |
| (5) | probeResetControl | Takes on the values: running(1), warmBoot(2), coldBoot(3) |

Finally, the user history group combines mechanisms seen in the alarm and history groups to allow the network manager to build history studies of any counter in the system, such as the specific history of a particular file server. It periodically samples user-specified variables and logs that data, based on user-defined parameters.
Probes
RMON solutions are composed of two components: a probe that acts as a server and network
management applications that act as a client. Information is only transmitted to the management
application when required, instead of continuous polling. SNMP is used to enable
communication between the client and the probe.
The probe is a monitoring device that could be a router, switch or PC software containing
RMON software agents. It should be noted that these probes have to be located on every LAN
segment or WAN link monitored because they can only view traffic flowing through them; they
are placed permanently in the network most of the time.
These agents are responsible for gathering information such as bandwidth utilization, collisions, network errors, and many more critical Ethernet network statistics. Also, they can analyze the SNMP packets, hence reducing SNMP traffic and the processing load on the clients.
Moreover, a probe can be used to set an alarm when a specific situation happens by monitoring the traffic. Therefore, it can be used to gather statistics that are sent to the management console and checked periodically.
The probe can be installed as a service in the PC background on any Windows PC in the remote
network segment.
If we compare the RMON probe with the advanced probe, we find that the RMON probe is superior in the following way: it offers a collection mechanism supported by third parties. This means that other manufacturers' software or hardware can query and process statistics from an RMON probe. Also, it can support 10 concurrent interfaces, unlike the advanced probes, which support only one.