Nov 9, 2006 IT 4333, Fall 20061 IT 4333 – Network Admin & Management RMON From: Byte Magazine,...
-
Upload
austin-terry -
Category
Documents
-
view
223 -
download
0
Transcript of Nov 9, 2006 IT 4333, Fall 20061 IT 4333 – Network Admin & Management RMON From: Byte Magazine,...
Nov 9, 2006 IT 4333, Fall 2006 1
IT 4333 – Network Admin & Management
RMON From: Byte Magazine, Javvin.com,
Cisco.com, Wikipedia, and IETF
Nov 9, 2006 IT 4333, Fall 2006 2
Part 1, from Cisco.com
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/rmon.htm
Nov 9, 2006 IT 4333, Fall 2006 3
Defintion: RMON
Remote Monitoring (RMON) is a standard monitoring specification that enables various network monitors and console systems to exchange network-monitoring data.
Two versions: RMON1 RMON2
Nov 9, 2006 IT 4333, Fall 2006 4
Definition
The RMON specification defines a set of statistics and functions that can be exchanged between RMON-compliant console managers and network probes.
An extension of SNMP MIBs.
As such, RMON provides network administrators with comprehensive network-fault diagnosis, planning, and performance-tuning information.
Nov 9, 2006 IT 4333, Fall 2006 5
Standards (RFC)
RMON was defined by the user community with the help of the Internet Engineering Task Force (IETF).
It became a proposed standard in 1992 as RFC 1271 (for Ethernet). RMON then became a draft standard in 1995 as RFC 1757, effectively obsoleting RFC 1271.
Nov 9, 2006 IT 4333, Fall 2006 6
An RMON Probe Can Send Statistical Information to an RMON Console
Nov 9, 2006 IT 4333, Fall 2006 7
RMON Groups
RMON delivers information in nine RMON groups of monitoring elements, each providing specific sets of data to meet common network-monitoring requirements.
Each group is optional so that vendors do not need to
support all the groups within the Management Information Base (MIB).
Some RMON groups require support of other RMON groups to function properly.
Nov 9, 2006 IT 4333, Fall 2006 8
RMON Group: Statistics
Function: Contains statistics measured by the probe for each monitored interface on this device.
Elements of MIB:Packets dropped, packets sent, bytes sent (octets), broadcast packets, multicast packets, CRC errors, runts, giants, fragments, jabbers, collisions, and counters for packets ranging from 64 to 128, 128 to 256, 256 to 512, 512 to 1024, and 1024 to 1518 bytes.
Nov 9, 2006 IT 4333, Fall 2006 9
RMON Group: History
Function: Records periodic statistical samples from a network and stores them for later retrieval.
Elements of MIB:Sample period, number of samples, items sampled
Nov 9, 2006 IT 4333, Fall 2006 10
RMON Group: Alarm
Function: Periodically takes statistical samples from variables in the probe and compares them with previously configured thresholds. If the monitored variable crosses a threshold, an event is generated.
Elements of MIB:Includes the alarm table and requires the implementation of the event group. Alarm type, interval, starting threshold, stop threshold.
Nov 9, 2006 IT 4333, Fall 2006 11
RMON Group: Host
Function: Contains statistics associated with each host discovered on the network.
Elements of MIB:Host address, packets, and bytes received and transmitted, as well as broadcast, multicast, and error packets.
Nov 9, 2006 IT 4333, Fall 2006 12
RMON Group: HostTopN
Function: Prepares tables that describe the hosts that top a list ordered by one of their base statistics over an interval specified by the management station. Thus, these statistics are rate-based.
Elements of MIB:Statistics, host(s), sample start and stop periods, rate base, duration.
Nov 9, 2006 IT 4333, Fall 2006 13
RMON Group: Matrix
Function: Stores statistics for conversations between sets of two addresses. As the device detects a new conversation, it creates a new entry in its table.
Elements of MIB:Source and destination address pairs and packets, bytes, and errors for each pair.
Nov 9, 2006 IT 4333, Fall 2006 14
RMON Group: Filters
Function: Enables packets to be matched by a filter equation. These matched packets form a data stream that might be captured or that might generate events.
Elements of MIB:Bit-filter type (mask or not mask), filter expression (bit level), conditional expression (and, or not) to other filters.
Nov 9, 2006 IT 4333, Fall 2006 15
RMON Group: Packet Capture
Function: Enables packets to be captured after they flow through a channel.
Elements of MIB:Size of buffer for captured packets, full status (alarm), number of captured packets.
Nov 9, 2006 IT 4333, Fall 2006 16
RMON Group: Events
Function: Controls the generation and notification of events from this device.
Elements of MIB:Event type, description, last time event sent.
Nov 9, 2006 IT 4333, Fall 2006 17
Huh?
I'm lost….
Let's try Wikipedia…
Nov 9, 2006 IT 4333, Fall 2006 18
Definition from Wikipediahttp://en.wikipedia.org/wiki/RMON RMON stands for Remote Monitoring. It is a standard used in telecommunications
equipment e.g. in routers, which implement a MIB (Management Information Base) which allows for remote monitoring and management of network equipment.
RMON uses an agent running on the device being monitored to supply information over SNMP to a management workstation (or some other system).
Nov 9, 2006 IT 4333, Fall 2006 19
??
… that doesn't help much…
Nov 9, 2006 IT 4333, Fall 2006 20
Let's try a 1995 article from BYTE http://www.byte.com/art/9506/sec13/art4.htm
Recognizing that managers need to somehow see what's going on at distant locations, the IETF (Internet Engineering Task Force) has developed specifications for an RMon (remote monitoring) system that keeps tabs on the state of distant networks.
RMon is an extension of the IETF's SNMP, which is commonly used to manage large networks.
The idea behind RMon is to distribute, throughout a network, probes that collection information about the traffic on that network.
Nov 9, 2006 IT 4333, Fall 2006 21
Difference between SNMP and RMON
The difference between SNMP and RMon is that SNMP monitors and manages network devices like hubs and bridges, while RMon monitors LAN traffic!
Nov 9, 2006 IT 4333, Fall 2006 22
… continued…
With RMon, some of the management intelligence is moved out onto the network, where RMon probes alert a centralized console whenever a threshold, such as number of packets, is exceeded.
Nov 9, 2006 IT 4333, Fall 2006 23
Typical use of RMon
one probe would be located on each LAN segment
The probe would monitor data transmission on that segment and organize the information it collects into a format that makes it easy for a manager at a central site to analyze traffic patterns and diagnose problems at remote sites.
Nov 9, 2006 IT 4333, Fall 2006 24
RMON vs. Protocol Analyzers?
"Naturally, there's some overlap in the functions of an RMon probe and a protocol analyzer. For example, many protocol analyzers can perform trend analysis on the data they collect. "
(Is this true? This is from 1995…)
Nov 9, 2006 IT 4333, Fall 2006 25
Probably still true.
The way the two technologies can work to complement one another is to use RMon to baseline networks, study usage trends, and identify potential problems before they cause
trouble for users. This will help reduce the number of trips to remote
sites that technicians must make to solve problems And when a problem requires higher-level diagnostics
to be performed, use a protocol analyzer.
Nov 9, 2006 IT 4333, Fall 2006 26
Benefits?
The benefit of an RMon system is that it automatically collects information about the traffic on a LAN segment that is in a remote location.
For a manager responsible for many LAN segments that are not all in the same location, that can be a great cost-saving benefit.
Nov 9, 2006 IT 4333, Fall 2006 27
Typical implementation (from Byte)
Nov 9, 2006 IT 4333, Fall 2006 28
We need more details…so let's try Javvin. (Something more up to date..) http://www.javvin.com/protocolRMON.html
Remote Monitoring (RMON) is a standard monitoring specification that enables various network monitors and console systems to exchange network-monitoring data.
RMON provides network administrators with more freedom in selecting network-monitoring probes and consoles with features that meet their particular networking needs.
Nov 9, 2006 IT 4333, Fall 2006 29
Difference between RMON & SNMP
RMON was originally developed to address the problem of managing LAN segments and remote sites from a central location.
The RMON specification, which is an extension of the SNMP MIB, is a standard monitoring specification.
Nov 9, 2006 IT 4333, Fall 2006 30
Difference between RMON & SNMP
Within an RMON network monitoring data is defined by a set of statistics and functions and exchanged between various different monitors and console systems.
Resultant data is used to monitor network utilization for network planning and performance-tuning, as well as assisting in network fault diagnosis.
Nov 9, 2006 IT 4333, Fall 2006 31
Versions of RMON
There are 2 versions of RMON: RMON1 (RMONv1) and RMON2 (RMONv2). RMON1 defined 10 MIB groups for basic network
monitoring, which can now be found on most modern network hardware.
RMON2 (RMONv2) is an extension of RMON that focuses on higher layers of traffic above the medium access-control (MAC) layer.
RMON2 has an emphasis on IP traffic and application-level traffic. RMON2 allows network management applications to monitor packets on all network layers.
Nov 9, 2006 IT 4333, Fall 2006 32
RMON 1 and RMON 2(From www.javvin.com/protocol/RMON.html)
Nov 9, 2006 IT 4333, Fall 2006 33
RMOM Components
Two components: a probe (or an agent or a monitor), and a client, usually a management station.
Agents store network information within their RMON MIB and are normally found as embedded software on network hardware such as routers and switches although they can be a program running on a PC.
Nov 9, 2006 IT 4333, Fall 2006 34
How do agents work?
Agents can only see the traffic that flows through them so they must be placed on each LAN segment or WAN link that is to be monitored.
Clients, or management stations, communicate with the RMON agent or probe, using SNMP to obtain and correlate RMON data.
Nov 9, 2006 IT 4333, Fall 2006 35
RMON 2 MIB groups Protocol Directory: The Protocol Directory is a simple and
interoperable way for an RMON2 application to establish which protocols a particular RMON2 agent implements. This is especially important when the application and the agent are from different vendors
Protocol Distribution: Mapping the data collected by a probe to the correct protocol name that can then be displayed to the network manager.
Address mapping: Address translation between MAC-layer addresses and network-layer addresses which are much easier to read and remember. Address translation not only helps the network manager, it supports the SNMP management platform and will lead to improved topology maps.
Network Layer host" Network host (IP layer) statistics
Nov 9, 2006 IT 4333, Fall 2006 36
RMON 2 MIB groups, continued.. Network layer matrix: Stores and retrieves network layer (IP layer)
statistics for conversations between sets of two addresses.
Application layer host: Application host statistic
Application layer matrix: Stores and retrieves application layer statistics for conversations between sets of two addresses.
User history: This feature enables the network manager to configure history studies of any counter in the system, such as a specific history on a particular file server or a router-to-router connection
Probe configuration: This RMON2, feature enable one vendor's RMON application to remotely configure another vendor's RMON probe.
Nov 9, 2006 IT 4333, Fall 2006 37
Bibliography(Review these articles…)
Byte Magazine Salamone, Salvatore "Simplfying Remote Management", 1995.
http://www.byte.com/art/9506/sec13/art4.htm
Cisco.com http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/rmon.htm
The Internet Society (IETF)
Introduction to the Remote Monitoring
(RMON) Family of MIB Modules, 2003 http://www.ietf.org/rfc/rfc3577.txt
Javvin RMON: Remote Monitoring MIBs (RMON1 and RMON2)http://www.javvin.com/protocolRMON.html
Wikipedia http://en.wikipedia.org/wiki/RMON
Nov 9, 2006 IT 4333, Fall 2006 38
Questions?