1 / 38

IT 4333 – Network Admin & Management

IT 4333 – Network Admin & Management. RMON From: Byte Magazine, Javvin.com, Cisco.com, Wikipedia, and IETF. Part 1, from Cisco.com. http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/rmon.htm. Defintion: RMON.

Download Presentation

IT 4333 – Network Admin & Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. IT 4333 – Network Admin & Management RMONFrom: Byte Magazine, Javvin.com, Cisco.com, Wikipedia, and IETF IT 4333, Fall 2006

  2. Part 1, from Cisco.com http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/rmon.htm IT 4333, Fall 2006

  3. Defintion: RMON • Remote Monitoring (RMON) is a standard monitoring specification that enables various network monitors and console systems to exchange network-monitoring data. • Two versions: • RMON1 • RMON2 IT 4333, Fall 2006

  4. Definition • The RMON specification defines a set of statistics and functions that can be exchanged between RMON-compliant console managers and network probes. • An extension of SNMP MIBs. • As such, RMON provides network administrators with comprehensive network-fault diagnosis, planning, and performance-tuning information. IT 4333, Fall 2006

  5. Standards (RFC) • RMON was defined by the user community with the help of the Internet Engineering Task Force (IETF). • It became a proposed standard in 1992 as RFC 1271 (for Ethernet). RMON then became a draft standard in 1995 as RFC 1757, effectively obsoleting RFC 1271. IT 4333, Fall 2006

  6. An RMON Probe Can Send Statistical Information to an RMON Console IT 4333, Fall 2006

  7. RMON Groups • RMON delivers information in nine RMON groups of monitoring elements, each providing specific sets of data to meet common network-monitoring requirements. • Each group is optional so that vendors do not need to support all the groups within the Management Information Base (MIB). • Some RMON groups require support of other RMON groups to function properly. IT 4333, Fall 2006

  8. RMON Group: Statistics • Function:Contains statistics measured by the probe for each monitored interface on this device. • Elements of MIB:Packets dropped, packets sent, bytes sent (octets), broadcast packets, multicast packets, CRC errors, runts, giants, fragments, jabbers, collisions, and counters for packets ranging from 64 to 128, 128 to 256, 256 to 512, 512 to 1024, and 1024 to 1518 bytes. IT 4333, Fall 2006

  9. RMON Group: History • Function:Records periodic statistical samples from a network and stores them for later retrieval. • Elements of MIB:Sample period, number of samples, items sampled IT 4333, Fall 2006

  10. RMON Group: Alarm • Function:Periodically takes statistical samples from variables in the probe and compares them with previously configured thresholds. If the monitored variable crosses a threshold, an event is generated. • Elements of MIB:Includes the alarm table and requires the implementation of the event group. Alarm type, interval, starting threshold, stop threshold. IT 4333, Fall 2006

  11. RMON Group: Host • Function:Contains statistics associated with each host discovered on the network. • Elements of MIB:Host address, packets, and bytes received and transmitted, as well as broadcast, multicast, and error packets. IT 4333, Fall 2006

  12. RMON Group: HostTopN • Function:Prepares tables that describe the hosts that top a list ordered by one of their base statistics over an interval specified by the management station. Thus, these statistics are rate-based. • Elements of MIB:Statistics, host(s), sample start and stop periods, rate base, duration. IT 4333, Fall 2006

  13. RMON Group: Matrix • Function:Stores statistics for conversations between sets of two addresses. As the device detects a new conversation, it creates a new entry in its table. • Elements of MIB:Source and destination address pairs and packets, bytes, and errors for each pair. IT 4333, Fall 2006

  14. RMON Group: Filters • Function:Enables packets to be matched by a filter equation. These matched packets form a data stream that might be captured or that might generate events. • Elements of MIB:Bit-filter type (mask or not mask), filter expression (bit level), conditional expression (and, or not) to other filters. IT 4333, Fall 2006

  15. RMON Group: Packet Capture • Function:Enables packets to be captured after they flow through a channel. • Elements of MIB:Size of buffer for captured packets, full status (alarm), number of captured packets. IT 4333, Fall 2006

  16. RMON Group: Events • Function:Controls the generation and notification of events from this device. • Elements of MIB:Event type, description, last time event sent. IT 4333, Fall 2006

  17. Huh? • I'm lost…. • Let's try Wikipedia… IT 4333, Fall 2006

  18. Definition from Wikipediahttp://en.wikipedia.org/wiki/RMON • RMON stands for Remote Monitoring. • It is a standard used in telecommunications equipment e.g. in routers, which implement a MIB (Management Information Base) which allows for remote monitoring and management of network equipment. • RMON uses an agent running on the device being monitored to supply information over SNMP to a management workstation (or some other system). IT 4333, Fall 2006

  19. ?? … that doesn't help much… IT 4333, Fall 2006

  20. Let's try a 1995 article from BYTE http://www.byte.com/art/9506/sec13/art4.htm • Recognizing that managers need to somehow see what's going on at distant locations, the IETF (Internet Engineering Task Force) has developed specifications for an RMon (remote monitoring) system that keeps tabs on the state of distant networks. • RMon is an extension of the IETF's SNMP, which is commonly used to manage large networks. • The idea behind RMon is to distribute, throughout a network, probes that collection information about the traffic on that network. IT 4333, Fall 2006

  21. Difference between SNMP and RMON • The difference between SNMP and RMon is that SNMP monitors and manages network devices like hubs and bridges, while RMon monitors LAN traffic! IT 4333, Fall 2006

  22. … continued… • With RMon, some of the management intelligence is moved out onto the network, where RMon probes alert a centralized console whenever a threshold, such as number of packets, is exceeded. IT 4333, Fall 2006

  23. Typical use of RMon • one probe would be located on each LAN segment • The probe would monitor data transmission on that segment and organize the information it collects into a format that makes it easy for a manager at a central site to analyze traffic patterns and diagnose problems at remote sites. IT 4333, Fall 2006

  24. RMON vs. Protocol Analyzers? • "Naturally, there's some overlap in the functions of an RMon probe and a protocol analyzer. For example, many protocol analyzers can perform trend analysis on the data they collect. " • (Is this true? This is from 1995…) IT 4333, Fall 2006

  25. Probably still true. • The way the two technologies can work to complement one another is to use RMon to • baseline networks, • study usage trends, • and identify potential problems before they cause trouble for users. • This will help reduce the number of trips to remote sites that technicians must make to solve problems • And when a problem requires higher-level diagnostics to be performed, use a protocol analyzer. IT 4333, Fall 2006

  26. Benefits? • The benefit of an RMon system is that it automatically collects information about the traffic on a LAN segment that is in a remote location. • For a manager responsible for many LAN segments that are not all in the same location, that can be a great cost-saving benefit. IT 4333, Fall 2006

  27. Typical implementation (from Byte) IT 4333, Fall 2006

  28. We need more details…so let's try Javvin. (Something more up to date..) • http://www.javvin.com/protocolRMON.html • Remote Monitoring (RMON) is a standard monitoring specification that enables various network monitors and console systems to exchange network-monitoring data. • RMON provides network administrators with more freedom in selecting network-monitoring probes and consoles with features that meet their particular networking needs. IT 4333, Fall 2006

  29. Difference between RMON & SNMP • RMON was originally developed to address the problem of managing LAN segments and remote sites from a central location. • The RMON specification, which is an extension of the SNMP MIB, is a standard monitoring specification. IT 4333, Fall 2006

  30. Difference between RMON & SNMP • Within an RMON network monitoring data is defined by a set of statistics and functions and exchanged between various different monitors and console systems. • Resultant data is used to monitor network utilization for network planning and performance-tuning, as well as assisting in network fault diagnosis. IT 4333, Fall 2006

  31. Versions of RMON • There are 2 versions of RMON: RMON1 (RMONv1) and RMON2 (RMONv2). • RMON1 defined 10 MIB groups for basic network monitoring, which can now be found on most modern network hardware. • RMON2 (RMONv2) is an extension of RMON that focuses on higher layers of traffic above the medium access-control (MAC) layer. • RMON2 has an emphasis on IP traffic and application-level traffic. RMON2 allows network management applications to monitor packets on all network layers. IT 4333, Fall 2006

  32. RMON 1 and RMON 2(From www.javvin.com/protocol/RMON.html) IT 4333, Fall 2006

  33. RMOM Components • Two components: a probe (or an agent or a monitor), and a client, usually a management station. • Agents store network information within their RMON MIB and are normally found as embedded software on network hardware such as routers and switches although they can be a program running on a PC. IT 4333, Fall 2006

  34. How do agents work? • Agents can only see the traffic that flows through them so they must be placed on each LAN segment or WAN link that is to be monitored. • Clients, or management stations, communicate with the RMON agent or probe, using SNMP to obtain and correlate RMON data. IT 4333, Fall 2006

  35. RMON 2 MIB groups • Protocol Directory: The Protocol Directory is a simple and interoperable way for an RMON2 application to establish which protocols a particular RMON2 agent implements. This is especially important when the application and the agent are from different vendors • Protocol Distribution: Mapping the data collected by a probe to the correct protocol name that can then be displayed to the network manager. • Address mapping: Address translation between MAC-layer addresses and network-layer addresses which are much easier to read and remember. Address translation not only helps the network manager, it supports the SNMP management platform and will lead to improved topology maps. • Network Layer host" Network host (IP layer) statistics IT 4333, Fall 2006

  36. RMON 2 MIB groups, continued.. • Network layer matrix: Stores and retrieves network layer (IP layer) statistics for conversations between sets of two addresses. • Application layer host: Application host statistic • Application layer matrix: Stores and retrieves application layer statistics for conversations between sets of two addresses. • User history: This feature enables the network manager to configure history studies of any counter in the system, such as a specific history on a particular file server or a router-to-router connection • Probe configuration: This RMON2, feature enable one vendor's RMON application to remotely configure another vendor's RMON probe. IT 4333, Fall 2006

  37. Bibliography(Review these articles…) IT 4333, Fall 2006

  38. Questions? IT 4333, Fall 2006

More Related