POSTECH DP&NM Lab

1

Remote Network Monitoring (RMON)

POSTECH DP&NM Lab

2

Table of Contents

• Basic Concepts• RMON Goals• RMON MIB Groups• RMON2

POSTECH DP&NM Lab

3

RMON Basic Concepts

• Extends the SNMP functionality without changing the protocol

• Allows the monitoring of remote networks (internetwork management)

• MAC-layer (layer 2 in OSI) monitoring• Defines a Remote MONitoring (RMON) MIB that

supplements MIB-II– with MIB-II, the manager can obtain information on individual

devices only– with RMON MIB, the manager can obtain information on the LAN

as a whole

• called network monitors, analyzers or probes

POSTECH DP&NM Lab

4

RMON RFCs

RFC Date Title

1513 Sept. 1993 Token Ring Extensions to theRemote Network Monitoring MIB

1757 Feb. 1995 Remote Network MonitoringManagement Information Base(RMON MIB)

2021 Jan. 1997 Remote Network MonitoringManagement Information BaseVersion 2 using SMIv2 (RMON MIB2)

POSTECH DP&NM Lab

5

RMON Goals

• Monitoring subnetwork-wide behavior• Reducing the burden on agents and managers• Continuous off-line monitoring in the presence of

failures (in network or manager)• Proactive monitoring

– perform some of the manager functions (e.g., diagnostics)

• Problem detection and reporting• Provide value-added (analyzed) data• Support multiple managers

POSTECH DP&NM Lab

6

Example Configuration for Remote Monitoring

BridgeBridge

RouterRouter

RouterRouter

RouterRouter

RouterRouter

FDDI backbone

Token Ring LAN

Router withRMON probe

Management consolewith RMON probe

Central Site

Local management console withRMON probe

PC with RMON probe

PC withRMON probe

Ethernet

Ethernet

Ethernet

POSTECH DP&NM Lab

7

Example of RMON probe with two interfaces

agenta

agentb

RMONprobe

agentc

agente

agentd

Interface 1

Interface 2

SubnetworkX

SubnetworkY

POSTECH DP&NM Lab

8

Control of Remote Monitors

• RMON MIB contains features that support extensive control from NMS– Configuration control– Action Invocation

• RMON MIB is organized into a number of functional groups

• Each group may contain one or more control tables and one or more data tables

• Control table (typically read-write) contains parameters that describe the data in a data table (typically read-only)

POSTECH DP&NM Lab

9

RMON MIB

rmon (mib-2 16)

statistics (1)

history (2)

alarm (3)

host (4)

hostTopN (5)

matrix (6)

filter (7)

capture (8)

event (9)

tokenRing (10)

POSTECH DP&NM Lab

10

RMON MIB Groups1. statistics: maintains MAC-level utilization and error stats

2. history: records periodic statistical samples from the stats group

3. alarm: allows NMS to set sampling interval & alarm threshold

4. host: contains counters for traffic from hosts on the subnetwork

5. hostTopN: contains sorted host stats that top a list based on some parameter in the host table

6. matrix: shows utilization and error stats in matrix for host pairs

7. filter: allows the monitor to observe packets that match a filter

8. capture: specifies how data is sent to NMS

9. event: specifies events to be generated by the RMON probe

10. tokenRing: maintains stats & config info for token ring subnet

POSTECH DP&NM Lab

11

RMON MIB2

• RMON MIB monitors MAC-level subnet traffic• RMON MIB2 can monitor traffic of packets at

layers 3 to 7 of the OSI Reference Model• Provides Network-layer Visibility

– can distinguish between local LAN and remote LAN traffic

• Provides Application-layer Visibility– can analyze traffic to and from hosts for particular applications– can determine which applications are putting the load on the net

• RMON MIB2 is basically an extension of RMON MIB

POSTECH DP&NM Lab

12

RMON MIB2

rmon (mib-2 16)

statistics (1)

history (2)

alarm (3)

host (4)

hostTopN (5)

matrix (6)

filter (7)

capture (8)

event (9)

tokenRing (10) probeConfig (19)

usrHistory (18)

alMatrix (17)

alHost (16)

nlMatrix (15)

nlHost (14)

addressMap (13)

protocolDist (12)

protocolDir (11)

RMON 1 RMON 2

POSTECH DP&NM Lab

13

RMON MIB2 Groups11. protocolDir: a master directory of all of the protocols that the

probe can interpret

12. protocolDist: aggregate stats on the amount of traffic generated by each protocol, per LAN segment

13. addressMap: contains MAC and port addresses of the devices

14. nlHost: network layer traffic stats per host

15. nlMatrix: network layer traffic stats per pairs of hosts

16. alHost: application layer traffic stats per host

17. alMatrix: application layer traffic stats per pairs of hosts

18. userHistory: periodically samples and logs user-defined data

19. probeConfig: defines standard configuration parameters for RMON probes

POSTECH DP&NM Lab

14

Summary

• RMON extends the SNMP functionality without changing the protocol

• RMON can monitor information on a whole subnetwork

• RMON is used extensively in analyzing network traffic for problem detection and network planning

• RMON2 allows monitoring of traffic at layers 3 to 7 in the OSI Model

• RMON2 can be used to analyze network traffic more accurately even to the application level

• Read Chapters 8, 9 and 10

POSTECH DP&NM Lab

Lab activity

15

RMON Group Function Elements