Chapter 8 RMON Remote Monitoring YenCheng Chen IM
- Slides: 72
Chapter 8 RMON - Remote Monitoring Yen-Cheng Chen IM, NCNU June, 2006
RMON Components RMON: RMON Remote Network Monitoring • RMON Probe • Data gatherer - a physical device • Data analyzer • Processor that analyzes data
Networks with RMONs Data Analysis
Remote NM Goals n Offline Operation q n Proactive Monitoring q n q Given conditions, the probe continuously to check for them. If there any condition occurs, notify the manager. Value Added Data q n Continuously run diagnostics and log network performance. Problem Detection and Reporting q n Perform diagnostics and to collect statistics continuously, even when communication with the management station may not be possible or efficient. Who generate the most traffic or errors, … Multiple Managers
RMON Benefits • Monitors and analyzes locally and relays data; Less load on the network • Needs no direct visibility by NMS; More reliable information • Permits monitoring on a more frequent basis and hence faster fault diagnosis • Increases productivity for administrators
RMON MIB SMI: SMIv 2 (rfc 1902) RFC 1757 (2819) Layer: 2 (Ethernet) RFC 1513 RFC 2021 Layers: 3 -7
RMON Groups and Functions RMON Probe
RMON 1 MIB Groups & Tables • Ten groups divided into three categories • Statistics groups (rmon 1, 2, 4, 5, 6, and 10)) • Event reporting groups (rmon 3 and 9) • Filter and packet capture groups(romon 7 and 8) • Groups with “ 2” in the name are enhancements with RMON 2
RMON 1 MIB Groups & Tables
Textual Convention: Row Creation & Deletion • Entry. Status data type introduced in RMON • Entry. Status (similar to Row. Status in SNMPv 2) used to create and delete conceptual row. • Only 4 states in RMON compared to 6 in SNMPv 2
Textual Convention: Last. Create. Time and Time. Filter • Last. Create. Time tracks change of data with the changes in control in the control tables. • Timefilter used to download only those rows that changed after a particular time. Time. Ticks RFC 2021: RMON 2
Time. Filter foo. Table foo. Time. Mark foo. Table { SYNTAX SEQUENCE Of Foo. Entry. . . } foo. Entry { SYNTAX Foo. Entry INDEX { foo. Time. Mark, foo. Index }. . . } Foo. Entry { foo. Time. Mark Time. Filter foo. Index INTEGER, foo. Counts Counter }. . . foo. Counts of (foo. Index = 1) was updated at time 5 foo. Counts of (foo. Index = 2) was updated at time 9 foo. Index foo. Counts. 0. 1 5 foo. Counts. 0. 2 9 foo. Counts. 1. 1 5 foo. Counts. 1. 2 9 foo. Counts. 2. 1 5 foo. Counts. 2. 2 9 foo. Counts. 3. 1 5 foo. Counts. 3. 2 9 foo. Counts. 4. 2 9 foo. Counts. 5. 2 9
Control of Remote Network Monitoring Devices Control and Data Tables
statistics rmon 1 ether. Stats. Table if. Index. 1. ether. Stats. Entry ether. Stats. Index ether. Stats. Data. Source ether. Stats. Drop. Events ether. Stats. Octets ether. Stats. Pkts ether. Stats. Broadcast. Pkts ether. Stats. Multicast. Pkts ether. Stats. CRCAlign. Errors ether. Stats. Undersize. Pkts ether. Stats. Oversize. Pkts ether. Stats. Fragments ether. Stats. Jabbers ether. Stats. Collisions ether. Stats. Pkts 64 Octets ether. Stats. Pkts 65 to 127 Octets ether. Stats. Pkts 128 to 255 Octets ether. Stats. Pkts 256 to 511 Octets ether. Stats. Pkts 512 to 1023 Octets ether. Stats. Pkts 1024 to 1518 Octets ether. Stats. Owner ether. Stats. Status
ether. Stats. Index ether. Stats. Owner if. Desrc. x ether. Stats. Status (ether. Stats. Data. Source) = x
ether. Stats. Drop. Events ether. Stats. Octets ether. Stats. Pkts ether. Stats. Broadcast. Pkts ether. Stats. Multicast. Pkts ether. Stats. CRCAlign. Errors ether. Stats. Undersize. Pkts ether. Stats. Oversize. Pkts ether. Stats. Fragments ether. Stats. Jabbers ether. Stats. Collisions ether. Stats. Pkts 64 Octets ether. Stats. Pkts 65 to 127 Octets ether. Stats. Pkts 128 to 255 Octets ether. Stats. Pkts 256 to 511 Octets ether. Stats. Pkts 512 to 1023 Octets ether. Stats. Pkts 1024 to 1518 Octets
ether. Stats. Pkts ether. Stats. Broadcast. Pkts ether. Stats. Multicast. Pkts ether. Stats. Drop. Events
ether. Stats. CRCAlign. Errors ether. Stats. Undersize. Pkts ether. Stats. Oversize. Pkts ether. Stats. Fragments ether. Stats. Jabbers ether. Stats. Collisions
ether. Stats. Pkts 64 Octets ether. Stats. Pkts 65 to 127 Octets ether. Stats. Pkts 128 to 255 Octets ether. Stats. Pkts 256 to 511 Octets ether. Stats. Pkts 512 to 1023 Octets ether. Stats. Pkts 1024 to 1518 Octets
history. Control. Table history. Control. Entry history. Control. Index history. Control. Data. Source history. Control. Buckets. Requested history. Control. Buckets. Granted history. Control. Interval history. Control. Owner history. Control. Status ether. History. Table ether. History. Entry ether. History. Index ether. History. Sample. Index ether. History. Interval. Start ether. History. Drop. Events ether. History. Octets ether. History. Pkts ether. History. Broadcast. Pkts ether. History. Multicast. Pkts ether. History. CRCAlign. Errors ether. History. Undersize. Pkts ether. History. Oversize. Pkts ether. History. Fragments ether. History. Jabbers ether. History. Collisions ether. History. Utilization rmon 2
history. Control. Table history. Control. Entry history. Control. Index history. Control. Data. Source history. Control. Buckets. Requested history. Control. Buckets. Granted history. Control. Interval history. Control. Owner history. Control. Status
ether. History. Utilization • 10 -Megabit ethernet utilization: Utilization = 64 bits Pkts * (9. 6 + 6. 4) + (Octets *. 8) Interval * 10, 000 Pkts * (96 + 64) + (Octets * 8) Interval * 10, 000 96 bits 100%
Alarm Group n n n rmon 3 Set thresholds on a variety of items affecting network performance When the thresholds are crossed, events are reported. In general, the values of thresholds are determined according to past experience.
Thresholds n Threshold Priority q q n In general, priority: low, medium, high Multiple threshold values for the same item Thresholds for multiple items RMON doesn't support multiple thresholds. Use rearm mechanism to avoid frequent threshold events q alarm. Rising. Threshold, alarm. Falling. Threshold
Alarms util% Rising Threshold Rearm Rising. Alarm 123 4 * * 5 6 7 Falling Threshold time
alarm rising. Alarm(1), falling. Alarm(2), rising. Or. Falling. Alarm(3 ) alarm. Table alarm. Entry alarm. Index alarm. Interval alarm. Variable absolute. Value(1), alarm. Sample. Type delta. Value(2) alarm. Value alarm. Startup. Alarm alarm. Rising. Threshold alarm. Falling. Threshold alarm. Rising. Event. Index alarm. Falling. Event. Index alarm. Owner alarm. Status
Got a trap from: 10. 22. 18 Enterprise: . 1. 3. 6. 1. 2. 1. 16 Agent-Address: 10. 22. 18 Generic-Trap: 6 Specific-Trap: 1 Timestamp: 85114030 Variable. Bindings: (5). 1. 3. 6. 1. 2. 1. 16. 3. 1. 111: 111. 1. 3. 6. 1. 2. 1. 16. 3. 1. 1. 3. 111: . 1. 3. 6. 1. 2. 1. 16. 1. 1. 1. 4. 1. 1. 3. 6. 1. 2. 1. 16. 3. 1. 1. 4. 111: 2. 1. 3. 6. 1. 2. 1. 16. 3. 1. 1. 5. 111: 2791697. 1. 3. 6. 1. 2. 1. 16. 3. 1. 1. 7. 111: 1900000
rising. Alarm NOTIFICATION-TYPE OBJECTS { alarm. Index, alarm. Variable, alarm. Sample. Type, alarm. Value, alarm. Rising. Threshold } STATUS current DESCRIPTION "The SNMP trap that is generated when an alarm entry crosses its rising threshold and generates an event that is configured for sending SNMP traps. " : : = { rmon. Events. V 2 1 } falling. Alarm NOTIFICATION-TYPE OBJECTS { alarm. Index, alarm. Variable, alarm. Sample. Type, alarm. Value, alarm. Falling. Threshold } STATUS current DESCRIPTION "The SNMP trap that is generated when an alarm entry crosses its falling threshold and generates an event that is configured for sending SNMP traps. " : : = { rmon. Events. V 2 2 }
event. Table event. Entry event. Index event. Description event. Type event. Community event. Last. Time. Sent event. Owner event. Status none(1), log(2), snmptrap(3), logandtrap(4) rmon 9 log. Table log. Entry log. Event. Index log. Time log. Description
event. Table log. Table
hosts rmon 4 host. Table host. Entry host. Address host. Creation. Order host. Index host. In. Pkts host. Out. Pkts host. In. Octets host. Out. Errors host. Out. Broadcast. Pkts host. Out. Multicast. Pkts host. Control. Table host. Control. Entry host. Control. Index host. Control. Data. Source host. Control. Table. Size host. Control. Last. Delete. Time host. Control. Owner host. Control. Status host. Time. Table host. Time. Entry host. Time. Address host. Time. Creation. Order host. Time. Index host. Time. In. Pkts host. Time. Out. Pkts host. Time. In. Octets host. Time. Out. Errors host. Time. Out. Broadcast. Pkts host. Time. Out. Multicast. Pkts
host. Top. NControl. Table host. Top. NControl. Entry host. Top. NControl. Index host. Top. NHost. Index host. Top. NRate. Base * host. Top. NTime. Remaining host. Top. NDuration host. Top. NRequested. Size host. Top. NGranted. Size host. Top. NStart. Time host. Top. NOwner host. Top. NStatus rmon 5 host. Top. NTable host. Top. NEntry host. Top. NReport host. Top. NIndex host. Top. NAddress host. Top. NRate host. Top. NIn. Pkts(1), host. Top. NOut. Pkts(2), host. Top. NIn. Octets(3), host. Top. NOut. Octets(4), host. Top. NOut. Errors(5), host. Top. NOut. Broadcast. Pkts(6), host. Top. NOut. Multicast. Pkts(7)
Host Top N Group Example
matrix rmon 6 matrix. Control. Table matrix. Control. Entry matrix. Control. Index matrix. Control. Data. Source matrix. Control. Table. Size matrix. Control. Last. Delete. Time matrix. Control. Owner matrix. Control. Status matrix. SDTable matrix. SDEntry matrix. SDSource. Address matrix. SDDest. Address matrix. SDIndex matrix. SDPkts matrix. SDOctets matrix. SDErrors matrix. DSTable matrix. DSEntry matrix. DSSource. Address matrix. DSDest. Address matrix. DSIndex matrix. DSPkts matrix. DSOctets matrix. DSErrors
Matrix Control and SD Tables
Filter Group rmon 7 • Filter group used to capture packets defined by logical expressions • Channel is a stream of data captured based on a logical expression • Filter table allows packets to be filtered with an arbitrary filter expression • A row in the channel table associated with multiple rows in the filter table
Filter n A channel is associated with n filter 1 OR filter 2 OR … filtern Within a filter, any bits checked in the data and status are AND’ed with respect to other bits in the same filter.
Filter Group
filter channel. Table filter. Table channel. Entry filter. Entry channel. Index filter. Index channel. If. Index filter. Channel. Index channel. Accept. Type On(1) filter. Pkt. Data. Offset Off(2) channel. Data. Control filter. Pkt. Data channel. Turn. On. Event. Index filter. Pkt. Data. Mask channel. Turn. Off. Event. Index filter. Pkt. Data. Not. Mask channel. Event. Index filter. Pkt. Status channel. Event. Status filter. Pkt. Status. Mask channel. Matches filter. Pkt. Status. Not. Mask channel. Description filter. Owner channel. Owner filter. Status channel. Status event. Ready(1), accept. Matched(1), event. Fired(2), accept. Failed(2) event. Always. Ready(3
filter. Pkt. Data. Offset Input Packet filter. Pkt. Data. Mask Bitwise XOR Bitwise AND filter. Pkt. Data. Not. Mask Bitwise NOT Bitwise AND Pass if all bits are 0 (pass if match) Bitwise AND Pass if any bits are 1 (pass if mismatch)
Filter Example filter. Pkt. Data. Offset filter. Pkt. Data. Mask filter. Pkt. Data. Not. Mask = = 0 0 x 00000 A 500000 BB 0 x. FFFFFFFFFFFF 0 x 000000 FFFFFF Accept all Ethernet packets that have a destination address of 0 x. A 5 and that do not have a source address of 0 x. BB.
Capture Group Channel Table rmon 8 Filter Table (many for each channel) Capture Buffer Table (One entry per Channel)
capture space. Available(1), full(2) capture. Buffer. Table capture. Buffer. Entry capture. Buffer. Control. Index capture. Buffer. Packet. ID capture. Buffer. Packet. Data capture. Buffer. Packet. Length capture. Buffer. Packet. Time capture. Buffer. Packet. Status lock. When. Full(1), wrap. When. Full(2) buffer. Control. Table buffer. Control. Entry buffer. Control. Index buffer. Control. Channel. Index buffer. Control. Full. Status buffer. Control. Full. Action buffer. Control. Capture. Slice. Size buffer. Control. Download. Offset buffer. Control. Max. Octets. Requested buffer. Control. Max. Octets. Granted buffer. Control. Captured. Packets buffer. Control. Turn. On. Time buffer. Control. Owner buffer. Control. Status
RMON TR Extension Groups Rmon 10
RMON 2 • Applicable to Layers 3 and above • Functions similar to RMON 1 • Enhancement to RMON 1 • Defined conformance and compliance
RMON 2 MIB
RMON 2 MIB
Protocol Directory protocol. Dir. Last. Change protocol. Dir. Table protocol. Dir. Entry protocol. Dir. ID protocol. Dir. Parameters protocol. Dir. Local. Index protocol. Dir. Descr protocol. Dir. Type protocol. Dir. Address. Map. Config protocol. Dir. Host. Config protocol. Dir. Matrix. Config protocol. Dir. Owner protocol. Dir. Status 16. 0. 0. 0. 1. 0. 0. 8. 0. 0. 17. 0. 0. 0. 161. 4. 0. 1. 0. 0 rmon 11 Protocol Identifier ether 2. ip. udp. snmp 16. 0. 0. 0. 1. 0. 0. 8. 0. 0. 17. 0. 0. 0. 161 ether 2. ip. udp 12. 0. 0. 0. 1. 0. 0. 8. 0. 0. 17 4. 0. 1. 0. 0 3. 0. 1. 0 (bit 0) counts. Fragments (bit 1) tracks. Sessions BITS { extensible(0), address. Recognition. Capable(1) } not. Supported(1), supported. Off(2), supported. On(3)
protocol. Dir. Table Example protocol. Dir. Owner protocol. Dir. Local. Index protocol. Dir. Address. Map. Config protocol. Dir. Status protocol. Dir. Host. Config protocol. Dir. Descr protocol. Dir. Matrix. Config protocol. Dir. Type protocol. Dir. Local. Index. protocol. Dir. ID. protocol. Dir. Parameters. 1. 3. 6. 1. 2. 1. 16. 11. 2. 1. 3. 8. 1. 0. 0. 8. 0. 2. 0. 0. 1. 3. 6. 1. 2. 1. 16. 11. 2. 1. 3. 12. 1. 0. 0. 8. 0. 0. 6. 3. 0. 0. 0. 1. 3. 6. 1. 2. 1. 16. 11. 2. 1. 3. 16. 1. 0. 0. 8. 0. 0. 17. 0. 0. 0. 53. 4. 0. 0
Protocol Distribution rmon 12 protocol. Dist. Control. Table protocol. Dist. Control. Entry protocol. Dist. Control. Index protocol. Dist. Control. Data. Source protocol. Dist. Control. Dropped. Frames protocol. Dist. Control. Create. Time protocol. Dist. Control. Owner protocol. Dist. Control. Status protocol. Dist. Stats. Table protocol. Dist. Stats. Entry protocol. Dist. Stats. Pkts protocol. Dist. Stats. Octets INDEX { protocol. Dist. Control. Index, protocol. Dir. Local. Index }
protocol. Dist. Stats. Table ip *. ip. tcp. telnet *. ip. udp. netbios *. ip. udp. rip *. arp *. ip. tcp. ftp-data *. ip. udp. snmp protocol. Dir. Descr (protocol. Dir. Table) protocol. Dir. Local. Index Sorted by Octets
Address Map Group rmon 13 address. Map. Control. Table address. Map. Control. Entry address. Map. Control. Index address. Map. Control. Data. Source address. Map. Control. Dropped. Frames address. Map. Control. Owner address. Map. Control. Status address. Map. Table address. Map. Entry address. Map. Time. Mark address. Map. Network. Address address. Map. Source address. Map. Physical. Address address. Map. Last. Change { address. Map. Time. Mark, protocol. Dir. Local. Index, address. Map. Network. Address, address. Map. Source }
address. Map. Table length (11 bytes) if. Index address. Map. Source (11. 1. 3. 6. 1. 2. 2. 1. 1. 1) address. Map. Network. Address (4. 4. 3. 107. 132) protocol. Dir. Local. Index (4: ip) IP address. Map. Time. Mark length (4 bytes) address. Map. Physical. Address
Network Layer Host Group hl. Host. Control. Table rmon 14 hl. Host. Control. Table hl. Host. Control. Entry hl. Host. Control. Index hl. Host. Control. Data. Source hl. Host. Control. Nl. Dropped. Frames hl. Host. Control. Nl. Inserts hl. Host. Control. Nl. Deletes hl. Host. Control. Nl. Max. Desired. Entries hl. Host. Control. Al. Dropped. Frames hl. Host. Control. Al. Inserts hl. Host. Control. Al. Deletes hl. Host. Control. Al. Max. Desired. Entries hl. Host. Control. Owner hl. Host. Control. Status hl, nl, al means higher layer, network layer, and application layer
Network-Layer Host Table rmon 14 2 nl. Host. Table nl. Host. Entry nl. Host. Time. Mark nl. Host. Address nl. Host. In. Pkts nl. Host. Out. Pkts nl. Host. In. Octets nl. Host. Out. Mac. Non. Unicast. Pkts nl. Host. Create. Time INDEX { hl. Host. Control. Index, nl. Host. Time. Mark, protocol. Dir. Local. Index, nl. Host. Address } nl. Host. Out. Pkts. 1. 783495. 18. 4. 128. 2. 6. 6.
Network Layer Matrix Group rmon 15 1 rmon 15 hl. Matrix. Control. Table hl. Matrix. Control. Entry hl. Matrix. Control. Index hl. Matrix. Control. Data. Source hl. Matrix. Control. Nl. Dropped. Frames hl. Matrix. Control. Nl. Inserts hl. Matrix. Control. Nl. Deletes hl. Matrix. Control. Nl. Max. Desired. Entries hl. Matrix. Control. Al. Dropped. Frames hl. Matrix. Control. Al. Inserts hl. Matrix. Control. Al. Deletes hl. Matrix. Control. Al. Max. Desired. Entries hl. Matrix. Control. Owner hl. Matrix. Control. Status
Network-Layer Source/Destination Statistics rmon 15 2 nl. Matrix. SDTable nl. Matrix. SDEntry nl. Matrix. SDTime. Mark nl. Matrix. SDSource. Address nl. Matrix. SDDest. Address nl. Matrix. SDPkts nl. Matrix. SDOctets nl. Matrix. SDCreate. Time rmon 15 3 nl. Matrix. DSTable nl. Matrix. DSEntry nl. Matrix. DSTime. Mark nl. Matrix. DSSource. Address nl. Matrix. DSDest. Address nl. Matrix. DSPkts nl. Matrix. DSOctets nl. Matrix. DSCreate. Time INDEX { hl. Matrix. Control. Index, nl. Matrix. SDTime. Mark, protocol. Dir. Local. Index, nl. Matrix. SDSource. Address, nl. Matrix. SDDest. Address } INDEX { hl. Matrix. Control. Index, nl. Matrix. DSTime. Mark, protocol. Dir. Local. Index, nl. Matrix. DSDest. Address, nl. Matrix. DSSource. Address } nl. Matrix. SDPkts. 1. 783495. 18. 4. 128. 2. 6. 6. 4. 128. 2. 6. 7
nl. Matrix. SDTable nl. Matrix. SDPkts nl. Matrix. SDDest. Address nl. Matrix. SDSource. Address protocol. Dir. Local. Index (ip) nl. Matrix. SDTime. Mark hl. Matrix. Control. Index
Network-Layer Top N Matrix nl. Matrix. Top. NPkts(1), nl. Matrix. Top. NOctets(2) rmon 15 4 nl. Matrix. Top. NControl. Table nl. Matrix. Top. NControl. Entry nl. Matrix. Top. NControl. Index rmon 15 5 nl. Matrix. Top. NControl. Matrix. Index nl. Matrix. Top. NControl. Rate. Base nl. Matrix. Top. NTable nl. Matrix. Top. NControl. Time. Remaining nl. Matrix. Top. NEntry nl. Matrix. Top. NIndex nl. Matrix. Top. NControl. Generated. Reports nl. Matrix. Top. NProtocol. Dir. Local. Index nl. Matrix. Top. NControl. Duration nl. Matrix. Top. NSource. Address nl. Matrix. Top. NControl. Requested. Size nl. Matrix. Top. NDest. Address nl. Matrix. Top. NControl. Granted. Size nl. Matrix. Top. NPkt. Rate nl. Matrix. Top. NControl. Start. Time nl. Matrix. Top. NReverse. Pkt. Rate nl. Matrix. Top. NControl. Owner nl. Matrix. Top. NOctet. Rate nl. Matrix. Top. NControl. Status nl. Matrix. Top. NReverse. Octet. Rate nl. Matrix. Top. NControl. Index, nl. Matrix. Top. NIndex
Application-Layer Host Group rmon 16 1 al. Host. Table al. Host. Entry al. Host. Time. Mark al. Host. In. Pkts al. Host. Out. Pkts al. Host. In. Octets al. Host. Out. Octets al. Host. Create. Time rmon 16 *. ip INDEX { hl. Host. Control. Index, al. Host. Time. Mark, protocol. Dir. Local. Index, nl. Host. Address, protocol. Dir. Local. Index } *. ip. tcp. http
al. Host. Table : hl. Host. Control. Index : al. Host. Time. Mark : protocol. Dir. Local. Index, : nl. Host. Address : protocol. Dir. Local. Index
Application Layer Matrix Group rmon 17 1 rmon 17 2 al. Matrix. SDTable al. Matrix. SDEntry al. Matrix. SDTime. Mark al. Matrix. SDPkts al. Matrix. SDOctets al. Matrix. SDCreate. Time al. Matrix. DSTable al. Matrix. DSEntry al. Matrix. DSTime. Mark al. Matrix. DSPkts al. Matrix. DSOctets al. Matrix. DSCreate. Time INDEX { hl. Matrix. Control. Index, al. Matrix. SDTime. Mark, protocol. Dir. Local. Index, nl. Matrix. SDSource. Address, nl. Matrix. SDDest. Address, protocol. Dir. Local. Index } INDEX { hl. Matrix. Control. Index, al. Matrix. DSTime. Mark, protocol. Dir. Local. Index, nl. Matrix. DSDest. Address, nl. Matrix. DSSource. Address, protocol. Dir. Local. Index }
Application-Layer Top N Matrix al. Matrix. Top. NControl. Table al. Matrix. Top. NControl. Entry al. Matrix. Top. NControl. Index al. Matrix. Top. NControl. Matrix. Index al. Matrix. Top. NControl. Rate. Base al. Matrix. Top. NTerminals. Pkts(1), al. Matrix. Top. NControl. Time. Remaining al. Matrix. Top. NTerminals. Octets(2), al. Matrix. Top. NControl. Generated. Reports al. Matrix. Top. NAll. Pkts(3), al. Matrix. Top. NControl. Duration al. Matrix. Top. NAll. Octets(4) al. Matrix. Top. NControl. Requested. Size al. Matrix. Top. NControl. Granted. Size al. Matrix. Top. NControl. Start. Time al. Matrix. Top. NControl. Owner al. Matrix. Top. NControl. Status collection only from protocols that have no child protocols that are counted. rmon 17 3
al. Matrix. Top. NTable rmon 17 4 al. Matrix. Top. NTable al. Matrix. Top. NEntry al. Matrix. Top. NIndex al. Matrix. Top. NProtocol. Dir. Local. Index al. Matrix. Top. NSource. Address al. Matrix. Top. NDest. Address al. Matrix. Top. NApp. Protocol. Dir. Local. Index al. Matrix. Top. NPkt. Rate al. Matrix. Top. NReverse. Pkt. Rate al. Matrix. Top. NOctet. Rate al. Matrix. Top. NReverse. Octet. Rate INDEX { al. Matrix. Top. NControl. Index, al. Matrix. Top. NIndex }
User History Collection Group rmon 18 1 rmon 18 2 usr. History. Object. Table usr. History. Object. Entry usr. History. Object. Index usr. History. Object. Variable usr. History. Object. Sample. Type rmon 18 usr. History. Control. Table usr. History. Control. Entry usr. History. Control. Index usr. History. Control. Objects usr. History. Control. Buckets. Requested usr. History. Control. Buckets. Granted usr. History. Control. Interval usr. History. Control. Owner usr. History. Control. Status absolute. Value(1), delta. Value(2) INDEX { usr. History. Control. Index, usr. History. Object. Index }
User History Table rmon 18 3 usr. History. Table usr. History. Entry usr. History. Sample. Index usr. History. Interval. Start usr. History. Interval. End usr. History. Abs. Value usr. History. Val. Status value. Not. Available(1), value. Positive(2), value. Negative(3) INDEX { usr. History. Control. Index, usr. History. Sample. Index, usr. History. Object. Index }
A Case Study • Objectives • Traffic growth and trend • Traffic patterns • Network comprising Ethernet and FDDI LANs • Tools used • HP Netmetrix protocol analyzer • Special high-speed TCP dump tool for FDDI LAN • RMON groups utilized • Host top-n • Matrix group • Filter group • Packet capture group (for application level protocols)
Case Study Results
Case Study Results Traffic Pattern