POSTECH DP&NM Lab

Remote Network Monitoring (RMON)

J. Won-Ki Hong Dept. of Computer Science and Engineering POSTECH Tel: 054-279-2244 Email: [email protected]
1

Table of Contents
Basic Concepts RMON Goals RMON MIB Table Management RMON MIB Groups RMON2

POSTECH DP&NM Lab

RMON Basic Concepts

POSTECH DP&NM Lab

Extends the SNMP functionality without changing the protocol Allows the monitoring of remote networks (internetwork management) MAC-layer (layer 2 in OSI) monitoring Defines a Remote MONitoring (RMON) MIB that supplements MIB-II
with MIB-II, the manager can obtain information on individual devices only with RMON MIB, the manager can obtain information on the LAN as a whole

called network monitors, analyzers or probes

3

RMON RFCs
RFC
11 11 11 11

POSTECH DP&NM Lab

Date

Title

Sept. 1111 T oken Ring Extensions to the Remote Network Monitoring MIB Feb. 1111 Remote Network Monitoring Management Information Base (RMON MIB) Jan. 1111 Remote Network Monitoring Management Information Base Version1 using SMIv (RMON MIB ) 1 1
4

11 11

RMON Goals

POSTECH DP&NM Lab

Monitoring subnetwork-wide behavior Reducing the burden on agents and managers Continuous off-line monitoring in the presence of failures (in network or manager) Proactive monitoring
perform some of the manager functions (e.g., diagnostics)

Problem detection and reporting Provide value-added (analyzed) data Support multiple managers
5

Example Configuration for Remote Monitoring

Management console with RMON probe Ethernet Router Router Local management console with RMON probe Central Site Router Router Router Router Ethernet FDDI backbone Bridge Bridge

POSTECH DP&NM Lab

Router Router

PC with RMON probe

Router with RMON probe Token Ring LAN

Ethernet PC with RMON probe 6

Example of RMON probe with two interfaces

agent a agent b agent c

POSTECH DP&NM Lab

Interface 1 RMON probe Interface 2

Subnetwork X

Subnetwork Y
agent d agent e
7

Control of Remote Monitors

RMON MIB contains features that support extensive control from NMS
Configuration control Action Invocation

POSTECH DP&NM Lab

RMON MIB is organized into a number of functional groups Each group may contain one or more control tables and one or more data tables Control table (typically read-write) contains parameters that describe the data in a data table (typically read-only)
8

Configuration Control

POSTECH DP&NM Lab

At configuration time, NMS sets the appropriate control parameters to configure the remote monitor to collect the desired data
the parameters are set by adding a new row to the control table or by modifying an existing row a control table may contain objects that specify the source of data to be collected, the type of data, the collection timing, etc.

To modify or disable a particular data collection function:

it is necessary first to invalidate the control row this causes the deletion of that row and the deletion of all associated rows in data tables NMS can create a new control row with the modified parameters

RMON MIB Table Mgmt (1)

POSTECH DP&NM Lab

The RMON specification includes a set of textual conventions and procedural rules for row addition and deletion Textual conventions OwnerString ::= DisplayString EntryStatus ::= INTEGER { valid (1), createRequest (2), underCreation (3), invalid (4) }
10

RMON MIB Table Mgmt (2)

Row Addition

POSTECH DP&NM Lab

is achieved by using the SNMP SetRequest PDU which includes instance objects and their values

Row Deletion
is achieved by setting the status object for that row to invalid

Row Modification
is achieved by first invalidating the row and then adding the row with new object instance values

11

Example Control & Data Tables

rm1ControlTable
rmlControlIndex
1 2 3

POSTECH DP&NM Lab

rmlControlParameter rmlControlOwner
5 26 19 monitor manager alpha manager beta

rmlControlStatus
valid (1) valid (1) valid (1)

rm1DataTable
rmlDataControlIndex
1 2 2 2 2 2 3 3

rmlDataIndex
1 1 2 3 4 5 1 2

rmlDataValue
46 96 85 77 27 92 86 26

12

POSTECH DP&NM Lab

Transitions of EntryStatus State

nonexistent

create Request

under Creation

valid

performed by manager performed by agent

invalid
13

RMON MIB
rmon (mib-2 16) statistics (1) history (2) alarm (3) host (4) hostTopN (5) matrix (6) filter (7) capture (8) event (9) tokenRing (10)

POSTECH DP&NM Lab

14

POSTECH DP&NM Lab

RMON MIB Groups

1. statistics: maintains MAC-level utilization and error stats 2. history: records periodic statistical samples from the stats group 3. alarm: allows NMS to set sampling interval & alarm threshold 4. host: contains counters for traffic from hosts on the subnetwork 5. hostTopN: contains sorted host stats that top a list based on
some parameter in the host table

6. matrix: shows utilization and error stats in matrix for host pairs 7. filter: allows the monitor to observe packets that match a filter 8. capture: specifies how data is sent to NMS 9. event: specifies events to be generated by the RMON probe 10. tokenRing: maintains stats & config info for token ring subnet
15

RMON MIB2

POSTECH DP&NM Lab

RMON MIB monitors MAC-level subnet traffic RMON MIB2 can monitor traffic of packets at layers 3 to 7 of the OSI Reference Model Provides Network-layer Visibility
can distinguish between local LAN and remote LAN traffic

Provides Application-layer Visibility

can analyze traffic to and from hosts for particular applications can determine which applications are putting the load on the net

RMON MIB2 is basically an extension of RMON MIB

16

RMON MIB2
rmon (mib-2 16) statistics (1) history (2) alarm (3) host (4) hostTopN (5) matrix (6) filter (7) capture (8) event (9) tokenRing (10) RMON 1

POSTECH DP&NM Lab

protocolDir (11) protocolDist (12) addressMap (13) nlHost (14) nlMatrix (15) alHost (16) alMatrix (17) usrHistory (18) probeConfig (19) RMON 2
17

POSTECH DP&NM Lab

RMON MIB2 Groups

11. protocolDir: a master directory of all of the protocols that the
probe can interpret

12. protocolDist: aggregate stats on the amount of traffic

generated by each protocol, per LAN segment

13. addressMap: contains MAC and port addresses of the

devices

14. nlHost: network layer traffic stats per host 15. nlMatrix: network layer traffic stats per pairs of hosts 16. alHost: application layer traffic stats per host 17. alMatrix: application layer traffic stats per pairs of hosts 18. userHistory: periodically samples and logs user-defined data 19. probeConfig: defines standard configuration parameters for18
RMON probes

Summary

POSTECH DP&NM Lab

RMON extends the SNMP functionality without changing the protocol RMON can monitor information on a whole subnetwork RMON is used extensively in analyzing network traffic for problem detection and network planning RMON2 allows monitoring of traffic at layers 3 to 7 in the OSI Model RMON2 can be used to analyze network traffic more accurately even to the application level Read Chapters 8, 9 and 10
19