Network Administration CNET443 1 Chapter 6 RMON Remote

What is Remote Monitoring 2 �It refers to the using of a tool that

RMON 3 �RMON is a set of standardized MIB variables that monitor networks. �RMON

RMON Goal 4 Goals of RMON: Monitor network traffic in a local-area network (LAN)

RMON approach 5 �RMON implements a passive collection approach that measures specific aspects of

RMON devices 6 � RMON can be implemented in network elements, such as Cisco

Network Configuration with RMONs 7 • Note that RMON is embedded monitoring remote FDDI

RMON Benefits 8 • • • Monitors and analyzes locally and relays data. Less

RMON 2 9 �RMON 2 focuses on the layers of traffic above the Media

RMON MIB Group for RMON 1 and RMON 2 11 • RMON 1: Ethernet

Relationship between Control and Data tables 12 �The data table contains rows (instances) of

RMON 1 13 Group number OID Group name 1 rmon 1 Statistics 2 rmon

RMON 1 Ethernet Groups 14 Group name Super group Statistics History Hosts Host. Top.

RMON 1 statistics groups 15 RMON 1 Function Group Elements Statistics Contains statistics measured

RMON 1 Statistics groups 16 RMON 1 Group Function Elements Traffic Matrix Stores statistics

RMON 1 Event reporting groups 17 RMON 1 Group Function Elements Alarms Periodically takes

RMON 1 Filter and packet capture groups 18 RMON 1 Function Group Elements Filters

ATM RMON 20 � ATM protocol IDs for RMON 2 define additional objects needed

RMON summary 21 The principles of RMON are as follows: ü It is a

Slides: 21

Download presentation

Network Administration CNET-443 1 Chapter – 6 RMON (Remote Monitoring)

What is Remote Monitoring 2 �It refers to the using of a tool that “sniffs” every packet that is going across a local area network (LAN), opens it, and analyzes it. �It is a passive operation and does nothing to the packets, which continue to proceed to their destinations. �It is also called probes and it has two parts, I. II. Physical object that is connected to the transmission medium Processor, which analyzes the data.

RMON 3 �RMON is a set of standardized MIB variables that monitor networks. �RMON initially referred to only the RMON MIB, the term RMON now is often used to refer to the concept of remote monitoring and to the entire series of RMON MIB extensions.

RMON Goal 4 Goals of RMON: Monitor network traffic in a local-area network (LAN) environment To provide comprehensive information for network fault diagnosis, planning, and performance tuning to network administrators.

RMON approach 5 �RMON implements a passive collection approach that measures specific aspects of the traffic without interfering by adding monitoring traffic.

RMON devices 6 � RMON can be implemented in network elements, such as Cisco routers and switches, or it can be deployed using dedicated RMON probes. • RMON Probe • Data gatherer - a physical device • Data analyzer • Processor that analyzes data

Network Configuration with RMONs 7 • Note that RMON is embedded monitoring remote FDDI LAN • Analysis done in NMS ( Network Monitoring System)

RMON Benefits 8 • • • Monitors and analyzes locally and relays data. Less load on the network Needs no direct visibility by NMS. More reliable information Permits monitoring on a more frequent basis and hence faster fault diagnosis • Increases productivity for administrators

RMON 2 9 �RMON 2 focuses on the layers of traffic above the Media Access Control (MAC) layer. �The main enhancement of RMON 2 is the capability to measure Layer 3 network traffic and application statistics. �RMON 2 extends the monitoring capability to the upper layers, from the network layer to the application layer.

RMON MIB Group for RMON 1 and RMON 2 10

RMON MIB Group for RMON 1 and RMON 2 11 • RMON 1: Ethernet RMON groups (rmon 1 - rmon 9) • RMON 1: Extension: Token ring extension (rmon 10) • RMON 2: Higher layers (3 -7) groups (rmon 11 - rmon 20)

Relationship between Control and Data tables 12 �The data table contains rows (instances) of data. �The control table defines the instances of the data rows in the data table and is settable to gather and store different instances of data. �We can collect data based on source and destination addresses appearing in the packets on a given interface using the matrix. SDTable.

RMON 1 13 Group number OID Group name 1 rmon 1 Statistics 2 rmon 2 History 3 rmon 3 Alarms 4 rmon 4 Hosts 5 rmon 5 Host. Top. N 6 rmon 6 Traffic Matrix 7 rmon 7 Filters 8 rmon 8 Packet Capture 9 rmon 9 Events 10 rmon 10 Token Ring

RMON 1 Ethernet Groups 14 Group name Super group Statistics History Hosts Host. Top. N Statistics groups Traffic Matrix Token Ring Alarms Events Filters Packet Capture Event reporting groups Filter and packet capture groups

RMON 1 statistics groups 15 RMON 1 Function Group Elements Statistics Contains statistics measured by the RMON probe for each monitored interface on this device. Packets dropped, packets sent, bytes sent (octets), broadcast packets, multicast packets, CRC errors, runts, giants History Records periodic statistical samples from a network and stores them for later retrieval. Sample period, number of samples, items sampled Hosts Contains statistics associated with each host discovered on the LAN. Host MAC address, packets, and bytes received and transmitted. Host. Top N It describes the hosts that top a list Statistics, host(s), sample start ordered by one of their base statistics and stop periods, rate base, and over an interval specified by the duration. management station.

RMON 1 Statistics groups 16 RMON 1 Group Function Elements Traffic Matrix Stores statistics for conversations between sets of two MAC addresses. As the device detects a new conversation, it creates a new entry in its table. Source and destination MAC address pairs and packets, Token Ring Provides additional statistics for Token Ring networks. MAC layer statistics, promiscuous statistics, MAC layer history, alarms, events.

RMON 1 Event reporting groups 17 RMON 1 Group Function Elements Alarms Periodically takes statistical samples from variables in the probe and compares them with previously configured thresholds. If the monitored variable crosses a threshold, an event is generated. Includes the alarm table: alarm type, interval, starting threshold, stop threshold. Note: The Alarms group requires the implementation of the Events group. Events Controls the generation and notification of events from this device. Event type, description, the last time the event was sent.

RMON 1 Filter and packet capture groups 18 RMON 1 Function Group Elements Filters Enables packets to be matched by a filter equation. These matched packets form a data stream that might be captured or that might generate events Bit-filter type (mask or not mask), filter expression (bit level), conditional expression (and, or, not) to other filters. Packet Capture Enables packets to be captured Size of buffer for captured packets, full status (alarm), and number of captured packets.

ATM RMON 19

ATM RMON 20 � ATM protocol IDs for RMON 2 define additional objects needed at the higher-level layers. � Particular attention needs to be paid to the following � issues: high speed, cell vs. frames, and connection-oriented nature of ATM. � There are four different collection perspectives that are possible for ATM RMON.

RMON summary 21 The principles of RMON are as follows: ü It is a set of standardized MIB variables monitoring networks. ü It offers information that lets administrators analyze network utilization, including data and error statistics. ü RMON 1 includes only data link layer (Layer 2) details. ü RMON 2 offers network layer to application layer details (Layer 3 and up). ü Collection data is accessible via SNMP. ü The MIB objects are intended as an interface between a network agent and a management application; they are not intended for direct manipulation by humans. These functions should be handled by the network management application.