Remote Network Monitoring Alarms and Filters
Prof. Choong Seon HONG, Kyung Hee University

Overview
- Dealing with alarms and the filtering and capturing of packets
  - alarm group
  - filter group
  - Packet capture group
  - event group

9.1 alarm Group
- defines a set of thresholds for network performance
  - If a threshold is crossed in the appropriate direction, an alarm is generated and sent to the central console
- consists of a single table, alarmTable
  - each entry in the table specifies a particular variable to be monitored, a sampling interval, and threshold parameters
  - a single entry also contains the most recent sample value, that is, the value observed at the end of the last sampling interval
- alarmTable includes the following objects
  - alarmIndex
  - alarmInterval
  - alarmVariable
  - alarmSampleType

alarm Group (cont’d)
- alarmTable includes the following objects (cont’d)
  - alarmIndex
  - alarmInterval
  - alarmVariable
  - alarmSampleType: has the values absoluteValue(1) and deltaValue
  - alarmStartupAlarm
  - alarmRisingThreshold
  - alarmFallingThreshold
  - alarmRisingEventIndex
  - alarmFallingEventIndex

alarm Group (cont’d)
- Alarm scheme
  - the monitor or a management station can define a new alarm by creating a new row in the alarmTable
  - the combination of variable, sampling interval, and threshold parameters is unique to a given row
  - The rising threshold is crossed if the current sampled value is greater than or equal to the rising threshold and the value at the last sampling interval was less than the threshold
  - The falling threshold is crossed if the current sampled value is less than or equal to the falling threshold and the value at the last sampling interval was greater than the threshold
- Two types of values for alarms
  - absoluteValue: the value of an object at the time of sampling
  - deltaValue: the difference in values for the object over successive sampling periods (rate of change)

alarm Group (cont’d)
- The rules for the generation of rising-alarm events (see page 254)
  - alarmStartupAlarm value of risingAlarm or risingOrFalling

alarm Group (cont’d)
- The fluctuations in the value produce another crossing of the rising threshold; this crossing is not counted as an alarm event since it does not satisfy the rules spelled out in the preceding list

alarm Group (cont’d)
- Hysteresis mechanism
  [Figure: state of the alarm-generation mechanism (rising-alarm state, falling-alarm state) plotted against the sampled object value, with the falling threshold and rising threshold marked and the transitions labelled "falling alarm triggered" and "rising alarm triggered".]

alarm Group (cont’d)
- deltaValue should be sampled with greater precision than indicated by alarmInterval
- The delta sample should be taken twice per period

  Time (t)         0   10   20
  Observed value   0   19   32
  Delta value      0   19   13    (X) if (rising threshold = 20)

  Time (t)         0    5   10   15   20
  Observed value   0   10   19   30   32
  Delta value      0   10    9   11    2
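The threshold-crossing rules, the hysteresis mechanism and the twice-per-period delta sampling described on the slides above, worked through in an added Python example (not part of the original slides). The function names and the absolute-value series are constructed; the counter readings are the slide's, and the falling threshold of 5 used with them is an assumption.

```python
# Added example: RMON-style alarm evaluation with hysteresis.
# Startup names follow the alarmStartupAlarm enumeration in RFC 2819.
RISING, FALLING = "rising", "falling"

def alarm_events(samples, rising, falling, startup="risingOrFallingAlarm"):
    """Return [(sample_index, kind)] for each alarm event generated."""
    events, last, prev = [], None, None
    for i, value in enumerate(samples):
        kind = None
        if prev is None:
            # First valid sample: alarmStartupAlarm selects what may fire.
            if value >= rising and startup in ("risingAlarm", "risingOrFallingAlarm"):
                kind = RISING
            elif value <= falling and startup in ("fallingAlarm", "risingOrFallingAlarm"):
                kind = FALLING
        elif value >= rising and prev < rising and last != RISING:
            kind = RISING   # counts only if no rising event is still outstanding
        elif value <= falling and prev > falling and last != FALLING:
            kind = FALLING  # re-arms the rising alarm
        if kind:
            events.append((i, kind))
            last = kind
        prev = value
    return events

def windowed_deltas(observed, steps):
    """Delta over the last `steps` sub-samples (steps=2: two samples per period)."""
    return [observed[i] - observed[i - steps] for i in range(steps, len(observed))]

# Constructed absolute-value series: the second rise (index 3) is suppressed.
SERIES = [5, 22, 18, 23, 8, 21]
# Counter readings from the slide: every 10 s, and every 5 s.
COARSE = [0, 19, 32]
FINE = [0, 10, 19, 30, 32]

if __name__ == "__main__":
    print(alarm_events(SERIES, rising=20, falling=10, startup="risingAlarm"))
    print(windowed_deltas(COARSE, 1), alarm_events(windowed_deltas(COARSE, 1), 20, 5))
    print(windowed_deltas(FINE, 2), alarm_events(windowed_deltas(FINE, 2), 20, 5))
```

With one sample per period the deltas are 19 and 13 and the threshold of 20 is never reached; with two samples per period the 10-second window ending at t = 15 has a delta of 20 and the rising alarm fires.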

filter group
- provides a means by which a management station can instruct a monitor to observe selected packets on a particular interface
- Two kinds of filter
  - data filter: allows the monitor to screen observed packets on the basis of a bit pattern that a portion of the packet matches (or fails to match)
  - status filter: allows the monitor to screen observed packets on the basis of their status (for example, valid, CRC error)

filter group (cont’d)
- Filter logic
  - input = the incoming portion of a packet to be filtered
  - filterPktData = the bit pattern to be tested for
  - filterPktDataMask = the relevant bits to be tested for
  - filterPktDataNotMask = indication of whether to test for a match or a mismatch
- An example of the use of the filter test in the case of Ethernet
  - filterPktDataOffset = 0
  - filterPktData = 0x00000A500000BB
  - filterPktDataMask = 0xFFFFFFFFFFFF
  - filterPktDataNotMask = 0x000000FFFFFF

filter group (cont’d)
- Channel Definition
  - the stream of packets that pass the test
  - The packet is passed through each of the filters defined for that channel
  - filter logic for channel i if channelAcceptType = acceptMatched(1)
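The data-filter test and the channel accept decision from the two slides above, as an added Python example (not part of the original slides). It follows the match/mismatch semantics of RFC 2819, omits the status filter, assumes data, mask and not-mask have equal length, and uses constructed Ethernet addresses and hypothetical function names.

```python
# Added example: RMON data-filter test and channel accept decision.

def filter_matches(packet, offset, data, mask, not_mask):
    """Apply filterPktDataOffset/Data/Mask/NotMask to one packet."""
    field = packet[offset:offset + len(data)]
    if len(field) < len(data):
        return False  # packet too short to hold the tested portion
    # Bits that differ from the pattern, limited to the relevant (masked) bits.
    diff = [(p ^ d) & m for p, d, m in zip(field, data, mask)]
    # Relevant bits with NotMask = 0 must all match the pattern.
    if any(x & (0xFF ^ n) for x, n in zip(diff, not_mask)):
        return False
    # If any relevant bit has NotMask = 1, at least one of them must differ.
    wants_mismatch = any(m & n for m, n in zip(mask, not_mask))
    return not wants_mismatch or any(x & n for x, n in zip(diff, not_mask))

def channel_accepts(packet, filters, accept_type="acceptMatched"):
    """acceptMatched: pass if any filter matches; acceptFailed: pass if none does."""
    hit = any(filter_matches(packet, *f) for f in filters)
    return hit if accept_type == "acceptMatched" else not hit

# Constructed Ethernet headers (destination, then source), not the slide's values.
DST_A5 = bytes.fromhex("0000000000a5")
SRC_BB = bytes.fromhex("0000000000bb")
SRC_CC = bytes.fromhex("0000000000cc")
# Destination must equal DST_A5; source must differ from SRC_BB.
FILTER = (0, DST_A5 + SRC_BB, b"\xff" * 12, b"\x00" * 6 + b"\xff" * 6)

if __name__ == "__main__":
    for frame in (DST_A5 + SRC_CC, DST_A5 + SRC_BB, SRC_CC + SRC_CC):
        print(frame.hex(), filter_matches(frame, *FILTER),
              channel_accepts(frame, [FILTER], "acceptFailed"))
```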

filter group (cont’d)
- RMON filter group structure

filter group (cont’d)
- filter group structure
  - consists of two control tables
  - associated with that channel are one or more rows in the filterTable
  - read page 265

Packet capture group
- The packet capture group can be used to set up a buffering scheme for capturing packets from one of the channels in the filter group

Packet capture group (cont’d)
- consisting of two groups
  - bufferControlTable: specifying the details of the buffering function
  - captureBufferTable: buffering the data
- Refer to page 266

Packet capture group (cont’d)
- the relationship between the control table and the data table (figure label: Identifier in buffer)

9.4 event Group
- An event is triggered by a condition located elsewhere in the MIB, and an event can trigger an action defined elsewhere in the MIB
- An event may also cause information to be logged in this group and may cause an SNMP trap message to be issued.
- Also, an event that is defined in this group can be used to trigger activity related to another group. For example, an event can trigger turning a channel on or off
- Refer to page 271
- One key use of the event group is in conjunction with the alarm group
  - The alarm group can define rising-threshold and falling-threshold events that are referenced by indexing into the eventTable

9.5 Practical Issues
- Packet capture overload
  - A preferred alternative is to do much of the analysis locally, at the monitor, and send much more aggregated results to the management station.
  - The packet capture feature of RMON can be useful if used intelligently
    - for example, broadcast storm
    - RMON can be used to capture packets to and from the suspect device, for analysis by the network manager at the management station
- Interoperability
  - RMON manager program must be able to work with a variety of RMON probes