Chapter 8 RMON The success of SNMP management resulted in the rapid growth of managed network components in computer networks.SNMPy1 provided the foundation for monitoring a network remotely from a centralized network operations center (NOC)and performing fault and configuration management.However,the extent to which network performance could be managed was limited.The characterization of computer network performance is statistical in nature.That led to the logical step of measuring the statistics of important parameters in the network from the NOC and development of remote network monitoring specifications
Chapter 8 RMON The success of SNMP management resulted in the rapid growth of managed network components in computer networks. SNMPv1 provided the foundation for monitoring a network remotely from a centralized network operations center (NOC) and performing fault and configuration management. However, the extent to which network performance could be managed was limited. The characterization of computer network performance is statistical in nature. That led to the logical step of measuring the statistics of important parameters in the network from the NOC and development of remote network monitoring specifications
8.1 What Is Remote Monitoring? In Chapter 5 we gave some examples of SNMP messages going across a network between a manager and an agent.We did so with a tool that "sniffs" every packet going across a LAN,opens it,and analyzes it.It is a passive operation and does nothing to the packets,which continue on to their destinations. This approach is called monitoring (or probing)the network,and the device that performs that function is called a network monitor (or probe).We need to make a distinction between the two components of a probe:(1)the physical object that is connected to the transmission medium,and (2)the processor that analyzes the data.If both are at the same place geographically,the probe is local,which is how sniffers used to function
8.1 What Is Remote Monitoring? In Chapter 5 we gave some examples of SNMP messages going across a network between a manager and an agent. We did so with a tool that "sniffs" every packet going across a LAN, opens it, and analyzes it. It is a passive operation and does nothing to the packets, which continue on to their destinations. This approach is called monitoring (or probing) the network, and the device that performs that function is called a network monitor (or probe). We need to make a distinction between the two components of a probe: (1) the physical object that is connected to the transmission medium, and (2) the processor that analyzes the data. If both are at the same place geographically, the probe is local, which is how sniffers used to function
Remote FDDI LAN Router with RMON FDDI Probe FDDI Backbone Network Router Bridge Router NMS Remote Token Ring LAN Ethernet Probe Token Ring Probe Figure 8.1 Network Configuration with RMONs
Chapter 8 RMON 8.2 RMON SMI and MIB RMON MIB which defines RMON groups has been developed in three stages.The original RMON MIB, now referred to as RMON1,was developed for the Ethernet LAN in November 1991 [RFC 1271],but it was made obsolete in 1995 [RFC 1757].Token ring extensions to RMON1 were developed in September 1993 RFC 1513].The use of RMONI for remote monitoring was extremely beneficial,but RMONI addressed parameters at the OSI layer 2 only.Hence RMON2 [RFC 2021]was developed and released in January 1997;it addressed the parameters associated with OSI layers 3-7. The RMON group is node 16 under MIB-II (mib-2 16).All the groups are shown in Figure 8.2
Chapter 8 RMON 8.2 RMON SMI and MIB RMON MIB which defines RMON groups has been developed in three stages. The original RMON MIB, now referred to as RMON1, was developed for the Ethernet LAN in November 1991 [RFC 1271], but it was made obsolete in 1995 [RFC 1757]. Token ring extensions to RMON1 were developed in September 1993 [RFC 1513]. The use of RMON1 for remote monitoring was extremely beneficial, but RMON1 addressed parameters at the OSI layer 2 only. Hence RMON2 [RFC 2021] was developed and released in January 1997; it addressed the parameters associated with OSI layers 3-7. The RMON group is node 16 under MIB-II (mib-2 16). All the groups are shown in Figure 8.2
rmon (mib-2 16) rmonConformance(20) statistics(1) probeConfig(19) history(2) usrHistory (18) alarm(3) a1Matrix(17) host(4) a1Host(16) hostTopN(5) n1Matrix (15) matrix(6) n1Host(14) filter (7) addressMap (13) capture(8) protocolDist(12) event(g)】 protocolDir(11) e A itokenRing(10) A RMON1 Extension 8iM bns IM2 3sy用woe9n0hsis2o6ug1n0o0g1地B Figure 8.2 RMON GroupTd
8.3.2 RMON1 Groups and Functions RMON1 performs numerous functions at the data link layer.Figure 8.3 depicts the RMON1 groups and functions.The data gathering modules,which are LAN probes,gather data from the remotely monitored network comprising Ethernet and token ring LANs. The data can serve as inputs to five sets of functions, three of which monitor traffic statistics.The host and conversation statistics group deals with traffic data associated with the hosts,ranking the traffic for the top N hosts,and conversation between hosts.The group of statistical data associated with Ethernet LAN-namely, Ethernet statistics and Ethernet history statistics-is addressed by the groups and functions in the Ethernet statistics box.The history control table controls the data to be gathered from various networks
8.3.2 RMON1 Groups and Functions RMON1 performs numerous functions at the data link layer. Figure 8.3 depicts the RMON1 groups and functions. The data gathering modules, which are LAN probes, gather data from the remotely monitored network comprising Ethernet and token ring LANs. The data can serve as inputs to five sets of functions, three of which monitor traffic statistics. The host and conversation statistics group deals with traffic data associated with the hosts, ranking the traffic for the top N hosts, and conversation between hosts. The group of statistical data associated with Ethernet LAN-namely, Ethernet statistics and Ethernet history statistics-is addressed by the groups and functions in the Ethernet statistics box. The history control table controls the data to be gathered from various networks
Token Ring Statistics Token Ring Token Ring History Statistics History Control 2@09 26590 Ethernet Statistics Ethernet Ethernet History Statistics History Control Remotely Host and Conversation Statistics Data Monitored Host hostTopN Matrix Network Network Gathering Statistics Statistics Statistics Manager Filter Group Packet Channel Packet Filtering Filtering Capture Alarm Event Generation Generation 5 Figure 8.3 RMONI Groups and Functions
8.3.4 RMON1 Common and Ethernet Groups The nine common RMON 1 and Ethernet groups are: The Statistics Group.The statistics group contains statistics measured by the probe for each monitored Ethernet interface on a device.The etherStatsTable in this group has an entry for each interface.The data include statistics on packet types,sizes,and errors.Also provided is the capability to gather statistics on collisions of the Ethernet segment.The number of collisions is a best estimate,as the number detected depends on where the probe is placed on the segment. The statistics group is used to measure live statistics on nodes and segments.Commercial network management systems include features such as dynamic presentation of various traffic patterns.The number of MIB collisions can also be used to generate an alarm when the number exceeds a set high threshold value
8.3.4 RMON1 Common and Ethernet Groups The nine common RMON 1 and Ethernet groups are: The Statistics Group. The statistics group contains statistics measured by the probe for each monitored Ethernet interface on a device. The etherStatsTable in this group has an entry for each interface. The data include statistics on packet types, sizes, and errors. Also provided is the capability to gather statistics on collisions of the Ethernet segment. The number of collisions is a best estimate, as the number detected depends on where the probe is placed on the segment. The statistics group is used to measure live statistics on nodes and segments. Commercial network management systems include features such as dynamic presentation of various traffic patterns. The number of MIB collisions can also be used to generate an alarm when the number exceeds a set high threshold value
Chapter 8 RMON The History Group.The history group consists of two subgroups:the history control group and the history (data)group.The history control group controls the periodic statistical sampling of data from various types of networks.The control table stores configuration entries comprising interface,polling period,and other parameters.The information is stored in a media- specific table,the history table,which contains one entry for each specific sample.Short-term and long- term intervals,such as 30-second and 30-minute intervals,may be specified to obtain two different statistics.The data objects defined are dropped events, number of octets and packets,different types of errors, fragments,collisions,and utilization
