POSTECH DP&NM Lab 1 Remote Network Monitoring (RMON)
-
Upload
lionel-norton -
Category
Documents
-
view
218 -
download
2
Transcript of POSTECH DP&NM Lab 1 Remote Network Monitoring (RMON)
POSTECH DP&NM Lab
1
Remote Network Monitoring (RMON)
POSTECH DP&NM Lab
2
Table of Contents
• Basic Concepts• RMON Goals• RMON MIB Groups• RMON2
POSTECH DP&NM Lab
3
RMON Basic Concepts
• Extends the SNMP functionality without changing the protocol
• Allows the monitoring of remote networks (internetwork management)
• MAC-layer (layer 2 in OSI) monitoring• Defines a Remote MONitoring (RMON) MIB that
supplements MIB-II– with MIB-II, the manager can obtain information on individual
devices only– with RMON MIB, the manager can obtain information on the LAN
as a whole
• called network monitors, analyzers or probes
POSTECH DP&NM Lab
4
RMON RFCs
RFC Date Title
1513 Sept. 1993 Token Ring Extensions to theRemote Network Monitoring MIB
1757 Feb. 1995 Remote Network MonitoringManagement Information Base(RMON MIB)
2021 Jan. 1997 Remote Network MonitoringManagement Information BaseVersion 2 using SMIv2 (RMON MIB2)
POSTECH DP&NM Lab
5
RMON Goals
• Monitoring subnetwork-wide behavior• Reducing the burden on agents and managers• Continuous off-line monitoring in the presence of
failures (in network or manager)• Proactive monitoring
– perform some of the manager functions (e.g., diagnostics)
• Problem detection and reporting• Provide value-added (analyzed) data• Support multiple managers
POSTECH DP&NM Lab
6
Example Configuration for Remote Monitoring
BridgeBridge
RouterRouter
RouterRouter
RouterRouter
RouterRouter
FDDI backbone
Token Ring LAN
Router withRMON probe
Management consolewith RMON probe
Central Site
Local management console withRMON probe
PC with RMON probe
PC withRMON probe
Ethernet
Ethernet
Ethernet
POSTECH DP&NM Lab
7
Example of RMON probe with two interfaces
agenta
agentb
RMONprobe
agentc
agente
agentd
Interface 1
Interface 2
SubnetworkX
SubnetworkY
POSTECH DP&NM Lab
8
Control of Remote Monitors
• RMON MIB contains features that support extensive control from NMS– Configuration control– Action Invocation
• RMON MIB is organized into a number of functional groups
• Each group may contain one or more control tables and one or more data tables
• Control table (typically read-write) contains parameters that describe the data in a data table (typically read-only)
POSTECH DP&NM Lab
9
RMON MIB
rmon (mib-2 16)
statistics (1)
history (2)
alarm (3)
host (4)
hostTopN (5)
matrix (6)
filter (7)
capture (8)
event (9)
tokenRing (10)
POSTECH DP&NM Lab
10
RMON MIB Groups1. statistics: maintains MAC-level utilization and error stats
2. history: records periodic statistical samples from the stats group
3. alarm: allows NMS to set sampling interval & alarm threshold
4. host: contains counters for traffic from hosts on the subnetwork
5. hostTopN: contains sorted host stats that top a list based on some parameter in the host table
6. matrix: shows utilization and error stats in matrix for host pairs
7. filter: allows the monitor to observe packets that match a filter
8. capture: specifies how data is sent to NMS
9. event: specifies events to be generated by the RMON probe
10. tokenRing: maintains stats & config info for token ring subnet
POSTECH DP&NM Lab
11
RMON MIB2
• RMON MIB monitors MAC-level subnet traffic• RMON MIB2 can monitor traffic of packets at
layers 3 to 7 of the OSI Reference Model• Provides Network-layer Visibility
– can distinguish between local LAN and remote LAN traffic
• Provides Application-layer Visibility– can analyze traffic to and from hosts for particular applications– can determine which applications are putting the load on the net
• RMON MIB2 is basically an extension of RMON MIB
POSTECH DP&NM Lab
12
RMON MIB2
rmon (mib-2 16)
statistics (1)
history (2)
alarm (3)
host (4)
hostTopN (5)
matrix (6)
filter (7)
capture (8)
event (9)
tokenRing (10) probeConfig (19)
usrHistory (18)
alMatrix (17)
alHost (16)
nlMatrix (15)
nlHost (14)
addressMap (13)
protocolDist (12)
protocolDir (11)
RMON 1 RMON 2
POSTECH DP&NM Lab
13
RMON MIB2 Groups11. protocolDir: a master directory of all of the protocols that the
probe can interpret
12. protocolDist: aggregate stats on the amount of traffic generated by each protocol, per LAN segment
13. addressMap: contains MAC and port addresses of the devices
14. nlHost: network layer traffic stats per host
15. nlMatrix: network layer traffic stats per pairs of hosts
16. alHost: application layer traffic stats per host
17. alMatrix: application layer traffic stats per pairs of hosts
18. userHistory: periodically samples and logs user-defined data
19. probeConfig: defines standard configuration parameters for RMON probes
POSTECH DP&NM Lab
14
Summary
• RMON extends the SNMP functionality without changing the protocol
• RMON can monitor information on a whole subnetwork
• RMON is used extensively in analyzing network traffic for problem detection and network planning
• RMON2 allows monitoring of traffic at layers 3 to 7 in the OSI Model
• RMON2 can be used to analyze network traffic more accurately even to the application level
• Read Chapters 8, 9 and 10
POSTECH DP&NM Lab
Lab activity
15
RMON Group Function Elements