Remote monitoring in SNMP


  • 7/30/2019 Remote monitoring in SNMP


    Information Engineering and Technology Faculty

    Department of Networks

    German University in Cairo

    Assignment One

    Group names:

    Aalaa Othman 13-3691 T-6

    Salma Youssef 13_553 T-8

    Monica Akladious 13-8196 T-6

    Karim Ali 13-4364 T-8

    Submission Date: May 22nd, 2012


    Table of Contents

    Remote Monitoring
    How is RMON beneficial in network management?
    RMON 1 and RMON 2
    RMON1
    RMON1 Groups
    Token Ring extensions to RMON MIB
    RMON2
    Capabilities of RMON2
    RMON2 Groups
    Probes


    Remote Monitoring

    The success of SNMP management made managing network components popular. SNMPv1 established the basis for remotely monitoring a network from a network operations center (NOC) and for carrying out configuration and error management. However, the degree to which network performance could be managed was restricted. Network performance is usually described statistically. This contributed to measuring the statistics of the significant network parameters from the NOC and to developing the remote monitoring features.

    RMON was introduced to address the problem of managing LAN segments and remote sites from a central location. It is a specification that allows different network monitors and console systems to send and receive network monitoring data. It enables network administrators to choose consoles and probes whose features satisfy their networking requirements. The monitors and probes mentioned above are the remote network monitoring devices; they are used mainly for running and observing a network. Probes are mostly separate devices that dedicate major resources to managing a network. An organization can use a large number of these devices, up to one device per network segment, to manage its internet. It can also manage a geographically remote network, as when the support center of a service provider or the central support organization of a company manages a remote site.

    Initially, RMON devices were dedicated to implementing the RMON MIB modules. Later, cards were introduced that added RMON capabilities to a switch, hub or router, and RMON also became a software capability added to the software of a network device, as well as a software application that can run on clients or servers. Although the scenarios addressed differ, in all of them RMON serves its main function as a dedicated network management tool. These functions were initially designed to operate in promiscuous mode, capturing packets on network segments. Implementations later stopped relying only on promiscuous packet capture: more methods of collecting data were introduced, and promiscuous mode became one of many options for gathering data.


    How is RMON beneficial in network management?

    The following section explains the main advantages of using RMON in network management.

    1. Offline Operation

    The management station does not stay in constant contact with its remote monitoring devices, mainly to reduce communication costs. A probe is therefore set up to gather statistics continuously, even when the management station itself is not functioning efficiently, and it tries to alert the station when an exceptional condition takes place. This allows the management station to be informed about performance, faults and configuration continuously and efficiently.

    2. Proactive Monitoring

    If the resources are available on the monitor, it should perform diagnostics and record information about network performance. Because the monitor is always available when a fault begins to occur, it can immediately inform the station about the failure and log statistical information about it, which the station can use for further analysis to find the main cause of the failure.

    3. Problem Detection and Reporting

    The monitor can be configured to recognize the error conditions that occur most often and to check for them continuously. As soon as one of these conditions takes place, the event is recorded and the stations are alerted that it occurred.

    4. Value Added Data

    A remote monitoring device is a network resource dedicated to managing the network, and since it is placed on the part of the network that it monitors, it can add value to the data it gathers. For example, by identifying the hosts that generate the largest number of faults and the most traffic, the probe can give the management station the information and statistics needed to resolve the issues that take place.

    5. Multiple Managers

    A single organization can have more than one management station, to provide recovery from failures and disasters and to serve different tasks and units in the organization. Because this case is likely to arise in the network, the remote monitoring device has to communicate with more than one management station, possibly using its resources at the same time.

    RMON 1 and RMON 2

    There are two versions of RMON: RMONv1 and RMONv2. RMON1 defines 10 MIB groups for monitoring the network, which are used by the most recent network hardware. RMON2, on the other hand, concentrates on traffic from the layers above the MAC layer: it focuses on IP and application-level traffic. It enables packet monitoring on all network layers, unlike RMON1, which operates only at the MAC layer and the layer below, as shown in Figure 1.

    Figure 1: Layers that RMON1 and RMON2 focus on

    RMON1

    RMON1 operates mainly at layer 2 and delivers the statistics it gathers about the link layer in various ways. It also generates alerts and alarms when certain thresholds are reached, and it helps in capturing packet contents. With the RMON1 MIB, network managers can gather important data from different segments of the network in order to observe the network's performance and resolve the faults that occur.

    The RMON1 MIB offers past and present traffic statistics for a network segment and between different hosts, and it provides an alarm mechanism for setting thresholds and informing the network manager about any changes in network performance. RMON1 can be used as a protocol analyzer. RMON1 consists of 10 MIB groups, described in the next section.

    The figure below shows the RMON1 groups.

    Figure 2: RMON1 groups

    RMON1 Groups

    1. The Ethernet Statistics Group: It contains the statistics measured by the probe for the Ethernet interfaces it observes. It consists of the Ethernet statistics table, which holds the number of packets sent and dropped, checksum errors, fragments, packet counters, etc.

    2. The History Control Group: It controls the statistical sampling of data from different types of network media.

    3. The Ethernet History Group: It stores the periodic statistical samples taken from an Ethernet network so that they can be retrieved later. It includes the count of the sampled items and the total number of samples.

    4. The Alarm Group: It takes statistical samples from variables in the probe and compares them with the thresholds that have been set up; if one of these variables reaches its threshold, it creates an event. It contains the alarm table and defines the types of alarms generated and the values of the starting and stopping thresholds.

    5. The Host Group: It contains statistics for each host found on the network. It discovers hosts by building a list of the source and destination MAC addresses observed in the good packets it captures from the network. It contains the address of the host and its multicast, broadcast and error packets.


    6. The HostTopN Group: This group is used to prepare reports on the hosts that top a list ordered by one of their statistics. The statistics are samples of one of the base statistics taken over a time interval defined by the station, so the resulting statistics are rate based. The station also decides how many such hosts are reported. This group includes the hosts, the sample start and stop periods, the statistics and the rate base.

    7. The Matrix Group: It records statistics for the conversations between two MAC addresses. As soon as the device detects a new conversation, it creates a new entry in its tables. It contains the destination and source address pairs and the errors generated with each pair.

    8. The Filter Group: It allows packets to be matched by a filter equation. The matched packets form a data stream that can be captured or used to raise notifications about events that took place. It contains the type of the bit filter, the bit level and the conditional expression for filters.

    9. The Packet Capture Group: It captures packets after they pass through a channel. It includes information about the size of the buffer that holds the captured packets and the total number of captured packets.

    10. The Event Group: This group generates events from the device and sends notifications when they take place. It contains information about the event type and the last time the event was detected in the network.
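
    The Alarm Group's threshold comparison from item 4, as an added example (not part of the original assignment or of any probe's code). It assumes the RMON MIB convention of a rising and a falling threshold with hysteresis, delta sampling of a 32-bit counter, and a constructed series of polled error-counter values; the class and function names are hypothetical.

```python
COUNTER32_MOD = 2 ** 32  # SNMP Counter32 objects wrap around at 2^32


class RmonAlarm:
    """Simplified model of one alarm-table row (hypothetical class name)."""

    def __init__(self, rising, falling, delta=True, startup="risingOrFalling"):
        if falling > rising:
            raise ValueError("falling threshold must not exceed rising threshold")
        self.rising, self.falling = rising, falling
        self.delta = delta        # True: compare the change between two polls
        self.startup = startup    # alarm allowed to fire on the first valid sample
        self._prev_raw = None     # last raw counter value (delta mode only)
        self._state = None        # side crossed most recently: "rising"/"falling"
        self._first = True        # no valid sample evaluated yet

    def _value(self, raw):
        if not self.delta:
            return raw
        prev, self._prev_raw = self._prev_raw, raw
        if prev is None:
            return None           # a delta needs two raw samples
        return (raw - prev) % COUNTER32_MOD   # stays correct across a wrap

    def sample(self, raw):
        """Feed one polled value; return "rising", "falling" or None."""
        value = self._value(raw)
        if value is None:
            return None
        crossed = None
        if value >= self.rising and self._state != "rising":
            crossed = "rising"
        elif value <= self.falling and self._state != "falling":
            crossed = "falling"
        first, self._first = self._first, False
        if crossed is None:
            return None
        self._state = crossed     # re-armed only by the opposite crossing
        if first and self.startup not in (crossed, "risingOrFalling"):
            return None           # startup setting suppresses this first alarm
        return crossed


def run(alarm, polls):
    """Return the event (or None) produced by each poll, in order."""
    return [alarm.sample(raw) for raw in polls]


# Constructed polls of a cumulative error counter, one per interval.
POLLS = [0, 10, 150, 210, 360, 370, 550]   # deltas: 10, 140, 60, 150, 10, 180

if __name__ == "__main__":
    print(run(RmonAlarm(rising=100, falling=20, startup="rising"), POLLS))
```

    The delta of 60 lies between the two thresholds, so the delta of 150 that follows it raises no second rising event; the alarm fires again only after a sample has dropped to the falling threshold.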

    Token Ring extensions to RMON MIB

    The functions implemented in the RMON1 MIB were mainly specific to Ethernet media. To enable these functions for Token Ring media, new objects had to be defined in this extension to handle and support Token Ring; the MIB also introduced monitoring functions exclusive to Token Ring. The extension contains several groups, each responsible for a specific task.

    RMON2

    RMON2 extends the architecture of RMON1 by bringing RMON diagnostics up to the application layer, as mentioned earlier. It is important to know, however, that RMON2 is not a replacement for RMON1. Both are in use, each performing a different task: RMON1 offers data for protocol analysis and segment monitoring, while RMON2 offers data for application and network monitoring.

    The most useful capability of RMON2 is monitoring the layers above the MAC layer, which gives a view of the network as a whole instead of a single segment.

    Capabilities of RMON2

    1. Higher Layer Statistics: It provides the host and matrix tables of RMON1, but at the network and application layers. By monitoring these statistics, the manager can see which clients are communicating with which servers.


    2. Address Translation: It binds MAC-layer addresses to network-layer addresses, which are much simpler to read and remember. The translation helps the network manager define topology maps and discover duplicate IP addresses.

    3. Improved Filtering: Since RMON2 supports higher-layer protocols, extra filters are needed so that the user can configure filters easily and more efficiently.

    4. Probe Configuration: RMON2 enables one vendor's application to remotely configure another vendor's probe.

    RMON2 Groups

    The RMON2 groups are protocol directory, protocol distribution, address mapping, network layer host, network layer matrix, application layer host, application layer matrix, user history and probe configuration.

    First, the Protocol Directory lets an RMON2 application establish which protocols a particular RMON2 agent implements, which is particularly important when the application and the agent do not come from the same vendor. To understand this, remember that many protocols run on one network, some well known and some customized for a particular application; any RMON2 solution therefore had to provide a framework that supports them all. The Protocol Directory concept separates the protocol definition from the table structure in which the protocol traffic information is stored.

    Second, the protocol distribution group collects combined statistics on the distribution of the traffic generated by each protocol per LAN segment. It also maps the data collected by a probe to the correct protocol name, which the network manager can then view.

    Third, the address mapping group translates between MAC-layer addresses and network-layer addresses, the latter being much easier to read and hence to remember. This improves topology maps, since it both helps the network manager and supports the SNMP management platform.

    Structure of address Map group:


    Figure 3 addmap group

    | Sub-OID | Object | Description |
    |---------|--------|-------------|
    | (1) | Inserts | Number of times an address mapping entry has been inserted into the data table. |
    | (2) | Deletes | Number of times an address mapping entry has been deleted from the data table. |
    | (3) | MaxDesiredEntries | Desired maximum number of entries in the address map table. |

    Note: An entry of -1 denotes any number of entries.
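
    The duplicate-IP discovery that address mapping makes possible, as an added example (not part of the original assignment). The rows are constructed (network address, MAC address, last-change tick) tuples standing in for address map entries read from a probe; the function names and the expected_shared parameter are hypothetical.

```python
import ipaddress
from collections import defaultdict


def normalize_mac(mac):
    """Canonicalize 00-1A-2B-..., 001a.2b3c.4d5e or 00:1a:... to aa:bb:cc:dd:ee:ff."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def find_duplicate_ips(rows, expected_shared=()):
    """Return network addresses bound to more than one MAC address.

    rows: iterable of (ip, mac, last_change) as collected from the probe.
    expected_shared: addresses known to move between adapters (assumption:
    the operator maintains this list, e.g. for a failover cluster address).
    """
    skip = {str(ipaddress.ip_address(ip)) for ip in expected_shared}
    bindings = defaultdict(dict)          # ip -> {mac: newest last_change}
    for ip, mac, last_change in rows:
        ip = str(ipaddress.ip_address(ip))      # rejects malformed addresses
        mac = normalize_mac(mac)
        bindings[ip][mac] = max(last_change, bindings[ip].get(mac, last_change))
    findings = []
    for ip, macs in bindings.items():
        if len(macs) > 1 and ip not in skip:
            ordered = sorted(macs, key=macs.get)    # oldest binding first
            findings.append({"ip": ip, "macs": ordered, "newest": ordered[-1]})

    def order(finding):                   # IPv4 before IPv6, then numeric
        addr = ipaddress.ip_address(finding["ip"])
        return (addr.version, addr)

    return sorted(findings, key=order)


# Constructed sample rows (documentation addresses, made-up MACs).
ROWS = [
    ("192.0.2.10", "00:1A:2B:3C:4D:5E", 1200),
    ("192.0.2.10", "00-1a-2b-3c-4d-5e", 4800),   # same adapter, other notation
    ("192.0.2.20", "00:1a:2b:aa:bb:01", 1300),
    ("192.0.2.20", "02:00:5e:10:00:99", 9100),   # second MAC claims .20
    ("192.0.2.30", "00:1a:2b:aa:bb:02", 1500),
    ("192.0.2.30", "00:1a:2b:aa:bb:03", 7000),   # cluster address, expected
]

if __name__ == "__main__":
    for finding in find_duplicate_ips(ROWS, expected_shared=["192.0.2.30"]):
        print(finding)
```

    An address that suddenly appears behind a second MAC can be a misconfigured host or address spoofing on the segment; the "newest" field tells the operator which binding to investigate first.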

    Fourth, the network layer host group lets the manager look beyond the router to the connected hosts by monitoring the packets flowing into and out of hosts. It collects layer 3 traffic statistics, based on the network-layer address. It hence controls both the network-layer and application-layer host tables.

    Fifth, the network layer matrix group can store and retrieve network-layer statistics for conversations between pairs of addresses, based on their network-layer addresses. These statistics show the protocol-specific traffic between communicating pairs of systems, enabling the network manager to debug network problems faster and more accurately. Not only can a server be detected as "dead" because it is not transmitting packets, but the network manager can also diagnose the tougher problem faced when the server is "alive" but a specific protocol stack is faulty.
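
    The "dead" versus "alive but one protocol stack faulty" diagnosis described above, as an added example (not part of the original assignment). It assumes per-protocol conversation counters already read from a probe for one interval, given here as constructed (source, destination, protocol, packets) rows; the function name and the one_way parameter are hypothetical.

```python
from collections import defaultdict


def diagnose_hosts(matrix_rows, one_way=("syslog", "snmptrap")):
    """Classify hosts that receive traffic for a protocol but never answer.

    matrix_rows: (src, dst, protocol, packets) counters for one interval.
    one_way: protocols where silence from the receiver is normal (assumption:
    maintained by the operator), so they never count as a fault.
    Returns {host: (status, [silent protocols])} with status "dead" when the
    host sent nothing at all, or "protocol-fault" when it still sends packets
    for other protocols.
    """
    sent = defaultdict(lambda: defaultdict(int))       # host -> proto -> pkts out
    received = defaultdict(lambda: defaultdict(int))   # host -> proto -> pkts in
    for src, dst, proto, packets in matrix_rows:
        sent[src][proto] += packets
        received[dst][proto] += packets
    report = {}
    for host, inbound in received.items():
        silent = sorted(
            proto for proto, packets in inbound.items()
            if packets > 0 and proto not in one_way
            and sent[host].get(proto, 0) == 0
        )
        if silent:
            alive = sum(sent[host].values()) > 0
            report[host] = ("protocol-fault" if alive else "dead", silent)
    return report


# Constructed matrix rows for one sampling interval (documentation addresses).
ROWS = [
    ("192.0.2.101", "192.0.2.10", "http", 120),   # requests to server .10
    ("192.0.2.101", "192.0.2.10", "icmp", 4),
    ("192.0.2.10", "192.0.2.101", "icmp", 4),     # .10 answers ping only
    ("192.0.2.102", "192.0.2.20", "dns", 50),     # .20 answers nothing
    ("192.0.2.102", "192.0.2.40", "http", 80),
    ("192.0.2.40", "192.0.2.102", "http", 95),    # healthy server
    ("192.0.2.40", "192.0.2.30", "syslog", 200),  # one-way by design
]

if __name__ == "__main__":
    for host, (status, protocols) in sorted(diagnose_hosts(ROWS).items()):
        print(host, status, protocols)
```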

    Sixth, the application layer host group holds a set of statistics for a protocol from a particular network address that has been discovered on the device's interface.

    Structure of AppHost Group:


    Figure 4

    | Sub-OID | Object | Description |
    |---------|--------|-------------|
    | (1) | TimeMark | Time filter for this entry. |
    | (2) | InPkts | Number of error-free packets of this protocol type transmitted to this address since it was added to the table. |
    | (3) | OutPkts | Number of error-free packets of this protocol type transmitted by this address since it was added to the table. |
    | (4) | InOctets | Number of octets of this protocol type transmitted to this address since it was added to the table, excluding packets with errors. |
    | (5) | OutOctets | Number of octets of this protocol type transmitted by this address since it was added to the table, excluding packets with errors. |
    | (6) | CreateTime | Value of sysUpTime when this entry was activated. |

    Seventh, the application layer matrix group stores and retrieves application-layer traffic statistics, based on the application-layer protocol, for conversations between source/destination pairs of hosts. For every conversation between a pair of hosts, the statistics cover the traffic between the two hosts for each protocol.


    Eighth, the probe configuration group defines standard configuration parameters for the agent's capability, software revision, reset control (which can be either a warm boot or a cold boot) and the trap destination table, which is a list of trap recipient IP hosts. This standard configuration feature enables one vendor's RMON application to remotely configure another vendor's RMON probe.

    Structure of probeConfig group:

    | Sub-OID | Object | Description |
    |---------|--------|-------------|
    | (1) | probeCapabilities | Indicates what rmon groups are supported. |
    | (2) | probeSoftwareRev | Software revision of this device: this string will have zero length if the revision is unknown. |
    | (3) | probeHardwareRev | Hardware revision of this device. |
    | (4) | probeDateTime | Probe's current date and time. |
    | (5) | probeResetControl | Takes on the values: running(1), warmBoot(2), coldBoot(3) |

    Finally, the user history group combines mechanisms from the alarm and history groups to let the network manager build history studies of any counter in the system, such as the specific history of a particular file server. It periodically samples user-specified variables and logs that data, based on user-defined parameters.

    Probes

    RMON solutions are composed of two components: a probe that acts as a server and network management applications that act as clients. Information is transmitted to the management application only when required, instead of through continuous polling. SNMP is used for communication between the client and the probe.

    The probe is a monitoring device that could be a router, a switch or PC software containing RMON software agents. Note that probes have to be located on every LAN segment or WAN link that is monitored, because they can only view traffic flowing through them; most of the time they are placed permanently in the network.

    These agents gather information such as bandwidth utilization, collisions, network errors and many other critical Ethernet network statistics. They can also analyze the SNMP packets, reducing SNMP traffic and the processing load on the clients.

    Moreover, by monitoring the traffic, a probe can be used to set an alarm when a specific situation happens. It can therefore be used to gather statistics, which are sent to the management console and checked periodically.

    The probe can be installed as a background service on any Windows PC in the remote network segment.

    If we compare the RMON probe with the advanced probe, we find that the RMON probe is superior in the following ways. It offers a third-party supported collection mechanism, which means that other manufacturers' software or hardware can query and process statistics from an RMON probe. It can also support 10 concurrent interfaces, unlike the advanced probes, which support only one.