Remote Monitoring (RMON)

Presentation transcript:

Remote Monitoring (RMON)
RMON specification is primarily a definition of a MIB
RFC 1757/2819 Remote network monitoring management information base
RFC 2021 Remote network monitoring management information base II
RFC 2074 Remote network monitoring MIB identifier

Goals (RFC1757)
Off-line operation
  – reduce polling from manager
Proactive monitoring
  – Monitor can run diagnostics and log network performance (if sufficient resources)
Problem detection and reporting
  – Active probing of the network
  – The consumption of network resources
  – Passively recognize certain error conditions such as congestion on the traffic that it observes
  – Log the condition and attempt to notify the management station

Goals (RFC1757) cont'd
Value-added data
  – Monitor can perform analyses specific to the data collected on its subnetwork
  – Analyse subnetwork traffic to determine which hosts generate the most traffic or errors on the subnetwork
Multiple managers
  – Support more than one manager
  – To improve reliability, to perform different functions

Fig 8.1

Control of remote monitors
RMON MIB contains features that support extensive control from the management station
2 categories of RMON MIB features
  – Configuration
  – Action invocation

Configuration & Action invocation
Configuration
  – Each MIB group consists of one or more control tables and data tables
Control table – read/write; contains parameters that describe the data in the data table
Data table – read only; contains information that is defined by the control table
Action invocation
  – Use SET operation to issue a command
  – RMON MIB defines objects to represent several commands

Multiple Manager - Problems
Concurrent requests for resources could exceed the capability of the monitor to supply those resources
A management station could capture and hold monitor resources for a long period of time
Resources could be assigned to a management station that crashes without releasing the resources

Multiple Manager – Solution
Ownership label is used for a particular row of the table
  – A management station may recognize resources it owns and no longer needs
  – A network operator can identify the owning management station and negotiate for the resources to be freed
  – A network operator may have the authority to unilaterally free resources another network operator has reserved
  – If a management station experiences a reinitialization, it can recognize resources it had reserved in the past and free those it no longer needs

Ownership concept
Ownership label contains one or more of the following:
  – IP address, management station name, network manager’s name, location or phone number
However, the ownership label does not act as a password or access-control mechanism
Therefore, a row can be read and written by a management station that does not own the row
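
Because the ownership label is informational and not an access control, a station can only detect, not prevent, another station writing to its rows. The following is an added example, not part of the original slides: a drift audit that compares what one station configured against what the probe reports. The owner strings, the short field names (`interval`, `buckets`, `data_source`) and all rows are constructed sample data.

```python
# Added example: audit RMON control rows using the ownership label.
# Owner strings, field names and rows are constructed for illustration only.

MY_OWNER = "nms-a 10.0.0.5"                      # hypothetical label used by this station
KNOWN_OWNERS = {MY_OWNER, "nms-b 10.0.0.6"}      # hypothetical list of legitimate stations

# This station's own record of the control rows it created.
EXPECTED = {
    ("historyControlTable", 1): {"owner": MY_OWNER, "interval": 1800, "buckets": 50},
    ("hostControlTable", 1): {"owner": MY_OWNER, "data_source": "if1"},
}

# Constructed snapshot of what the probe currently holds.
OBSERVED = {
    ("historyControlTable", 1): {"owner": MY_OWNER, "interval": 30, "buckets": 50},
    ("hostControlTable", 1): {"owner": MY_OWNER, "data_source": "if1"},
    ("matrixControlTable", 2): {"owner": "", "data_source": "if1"},
    ("historyControlTable", 7): {"owner": "nms-z 192.0.2.9", "interval": 60, "buckets": 10},
}


def audit(expected, observed, known_owners):
    """Return (row key, finding kind, detail) tuples for rows that need attention."""
    findings = []
    # 1. Rows this station created: still present and unchanged?
    for key, want in sorted(expected.items()):
        have = observed.get(key)
        if have is None:
            findings.append((key, "missing", "row this station created is gone"))
            continue
        for field, value in sorted(want.items()):
            if have.get(field) != value:
                detail = f"{field}: expected {value!r}, found {have.get(field)!r}"
                findings.append((key, "drift", detail))
    # 2. Every row on the probe: does its label identify a known station?
    for key, have in sorted(observed.items()):
        owner = have.get("owner", "").strip()
        if not owner:
            findings.append((key, "unlabelled", "row has no ownership label"))
        elif owner not in known_owners:
            findings.append((key, "unknown-owner", owner))
    return findings


if __name__ == "__main__":
    for key, kind, detail in audit(EXPECTED, OBSERVED, KNOWN_OWNERS):
        print(f"{key[0]}.{key[1]}: {kind}: {detail}")
```

A label that matches a known station proves nothing about who wrote the row, so the drift check against the station's own record is the stronger of the two signals.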

Fig 8.3

Good and Bad Packets
RFC 2819
Good packets are error-free packets that have a valid frame length.
For example, on Ethernet, good packets are error-free packets that are between 64 octets long and 1518 octets long.

Bad packets are packets that have proper framing and are therefore recognized as packets, but contain errors within the packet or have an invalid length.
For example, on Ethernet, bad packets have a valid preamble and SFD, but have a bad CRC, or are either shorter

The RMON MIB
RMON (v1) MIB is incorporated into MIB-II with a subtree identifier of 16 (10 groups)
statistics: maintains low-level utilization and error statistics for each subnetwork monitored by the agent
history: records periodic statistical samples from information available in the statistics group

RMON MIB Group
alarm: allows the management console user to set a sampling interval and alarm threshold for any counter or integer recorded by the RMON probe
host: contains counters for various types of traffic to and from hosts attached to the subnetwork
hostTopN: contains sorted host statistics that report on the hosts that top a list based on some parameter in the host table

matrix: shows error and utilization information in matrix form
filter: allows the monitor to observe packets that match a filter
(Packet) capture: governs how data is sent to a management console
event: gives a table of all events generated by the RMON probe
tokenRing: maintains statistics and configuration information for token ring subnetworks

Important note 1
All groups in the RMON MIB are optional but there are some dependencies
The alarm group requires the implementation of the event group
The hostTopN group requires the implementation of the host group
The packet capture group requires the implementation of the filter group

Important note 2
Collection of traffic statistics for one or more subnetworks
  – statistics, history, host, hostTopN, matrix, tokenRing
Various alarm conditions and filtering with user-defined
  – alarm, filter, capture, event

Statistics Group (1)
Fig 8-6

Statistics Group (2)
Table 8.2

Statistics Group (3)

Statistics Group (4)
The statistics group provides useful information about the load and overall health of the subnetwork
Various error conditions are counted, such as CRC or alignment errors, collisions, and undersized and oversized packets

History Group
The history group is used to define sampling functions for one or more of the interfaces of the monitor
2 tables
historyControlTable – specifies the interface and details of the sampling function
etherHistoryTable – records data

Fig 8.7

historyControlTable
historyControlIndex: index of the entry, which is the same number as used in etherHistoryTable
historyControlDataSource: identifies the interface to be sampled
historyControlBucketsRequested: the requested number of discrete sampling intervals; the default value is 50
historyControlBucketsGranted: the actual number of discrete sampling intervals
historyControlInterval: interval in seconds; maximum is 3600 (1 hour), default value is 1800

Sampling scheme
Determined by historyControlBucketsGranted and historyControlInterval
Ex. Use the default value of both
  – The monitor would take a sample once every 1800 seconds (30 min); each sample is stored in a row of etherHistoryTable
  – At most 50 rows are retained

Utilization
It is calculated from the two counters: etherStatsOctets and etherStatsPkts

$$\text{Utilization} = 100\% \times \frac{\text{Packets} \times (96 + 64) + \text{Octets} \times 8}{\text{interval} \times 10^{7}}$$

64 bit – preamble
96 bit – interframe gap
Assume data rate 10Mbps
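
The sampling scheme and the utilization formula above can be combined in a short simulation. This is an added example, not part of the original slides; the counter readings are constructed, and it assumes 32-bit counters that wrap to zero and that the oldest row is dropped once the granted buckets are full.

```python
# Added example: history-group sampling plus the slide's utilization formula.
from collections import deque

LINK_BPS = 10_000_000        # slide's assumption: 10 Mbps Ethernet
OVERHEAD_BITS = 96 + 64      # interframe gap + preamble, charged once per packet
COUNTER_MOD = 2 ** 32        # assumption: counters are 32-bit and wrap to zero


def utilization_percent(packets, octets, interval_s, link_bps=LINK_BPS):
    """100% x [Packets x (96+64) + Octets x 8] / (interval x link rate)."""
    if interval_s <= 0:
        raise ValueError("interval must be positive")
    bits_on_wire = packets * OVERHEAD_BITS + octets * 8
    return 100.0 * bits_on_wire / (interval_s * link_bps)


class HistorySampler:
    """Keeps one row per sampling interval, bounded by the granted bucket count."""

    def __init__(self, interval_s=1800, buckets_granted=50):
        self.interval_s = interval_s
        self.rows = deque(maxlen=buckets_granted)   # assumption: oldest row drops when full
        self._last = None                           # previous (pkts, octets) reading

    def sample(self, pkts_counter, octets_counter):
        """Record one interval from cumulative readings; return the new row or None."""
        row = None
        if self._last is not None:
            # Modular subtraction yields the correct delta across a counter wrap.
            d_pkts = (pkts_counter - self._last[0]) % COUNTER_MOD
            d_octets = (octets_counter - self._last[1]) % COUNTER_MOD
            row = {
                "pkts": d_pkts,
                "octets": d_octets,
                "utilization": utilization_percent(d_pkts, d_octets, self.interval_s),
            }
            self.rows.append(row)
        self._last = (pkts_counter, octets_counter)
        return row


if __name__ == "__main__":
    sampler = HistorySampler()   # defaults from the slide: 1800 s, 50 buckets
    # Constructed cumulative readings of etherStatsPkts / etherStatsOctets.
    readings = [(0, 0), (1_000_000, 1_000_000_000), (1_400_000, 1_300_000_000)]
    for pkts, octets in readings:
        row = sampler.sample(pkts, octets)
        if row:
            print(f"{row['pkts']} pkts, {row['octets']} octets: {row['utilization']:.2f}%")
```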

Fig 8.8

Host Group
To gather statistics about specific hosts on the LAN by observing the source and destination MAC addresses in good packets
Consists of 3 tables:
  – one control table (hostControlTable)
  – two data tables (hostTable, hostTimeTable): same information but indexed differently

hostControlTable
hostControlIndex:
  – identifies a row in the hostControlTable, referring to a unique interface of the monitor
hostControlDataSource:
  – identifies the interface (the source of the data)
hostControlTableSize:
  – the number of rows in hostTable (hostTimeTable)
hostControlLastDeleteTime:
  – the last time that an entry (hostTable) was deleted

Fig 8.9

A simple RMON configuration
Fig 8.10

hostTable
hostAddress: MAC address of this host
hostCreationOrder: an index that defines the relative ordering of the creation time of hosts (index takes on a value 1-N)
hostIndex: the same number as hostControlIndex

Counter in hostTable
Table 8.3

Fig 8.11

hostTopN Group
To maintain statistics about the set of hosts on one subnetwork that top a list based on some parameters
Statistics that are generated for this group are derived from data in the host group
The set of statistics for one object collected during one sampling interval is referred to as a report

hostTopNControlTable (1)
hostTopNControlIndex:
  – identifies a row in hostTopNControlTable, defining one top-N report for one interface
hostTopNHostIndex:
  – matches the value of hostControlIndex, specifying a particular subnetwork
hostTopNRateBase:
  – specifies one of seven variables from hostTable

hostTopNControlTable (2)
Variable in hostTopNRateBase
  – INTEGER {
      hostTopNInPkts (1),
      hostTopNOutPkts (2),
      hostTopNInOctets (3),
      hostTopNOutOctets (4),
      hostTopNOutErrors (5),
      hostTopNOutBroadcastPkts (6),
      hostTopNOutMulticastPkts (7)
    }

hostTopNControlTable (3)
hostTopNTimeRemaining:
  – time left during report currently being collected
hostTopNDuration:
  – sampling interval
hostTopNRequestedSize:
  – maximum number of requested hosts for the top-N report
hostTopNGrantedSize:
  – maximum number of hosts for the top-N report
hostTopNStartTime:
  – the last start time

hostTopNTable
hostTopNReport:
  – same value as hostTopNControlIndex
hostTopNIndex:
  – uniquely identifies a row
hostTopNAddress:
  – MAC address
hostTopNRate:
  – the amount of change in the selected variable during the sampling interval

Report preparation (1)
A management station creates a row of the control table to specify a new report.
This control entry instructs the monitor to measure the difference between the beginning and ending values of a particular host group variable over a specific sampling period
The sampling period value is stored in both hostTopNDuration and hostTopNTimeRemaining

Report preparation (2)
The value in hostTopNDuration is static and the value in hostTopNTimeRemaining counts down in seconds while the report is being prepared
When hostTopNTimeRemaining reaches 0, the monitor calculates the final results and creates a set of N data rows
To generate an additional report for a new time period, get the old report and reset hostTopNTimeRemaining to the value of hostTopNDuration
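
The report calculation described above, as an added example that is not part of the original slides: the monitor's final step takes the difference between beginning and ending counter values for the selected rate base and keeps the top N hosts. The MAC addresses and counter values are constructed, snapshots are keyed by the rate-base names for brevity, and 32-bit wrapping counters are an assumption.

```python
# Added example: building a hostTopN report from two host-table snapshots.
COUNTER_MOD = 2 ** 32   # assumption: 32-bit counters that wrap to zero

RATE_BASES = {          # enumeration listed on the hostTopNControlTable (2) slide
    1: "hostTopNInPkts", 2: "hostTopNOutPkts", 3: "hostTopNInOctets",
    4: "hostTopNOutOctets", 5: "hostTopNOutErrors",
    6: "hostTopNOutBroadcastPkts", 7: "hostTopNOutMulticastPkts",
}

# Constructed counter values at the start and end of one sampling period.
START = {
    "00:00:5e:00:53:01": {"hostTopNOutOctets": 4_000_000},
    "00:00:5e:00:53:02": {"hostTopNOutOctets": 4_294_967_000},   # about to wrap
    "00:00:5e:00:53:03": {"hostTopNOutOctets": 10},
}
END = {
    "00:00:5e:00:53:01": {"hostTopNOutOctets": 4_900_000},
    "00:00:5e:00:53:02": {"hostTopNOutOctets": 1_500_704},       # wrapped during the period
    "00:00:5e:00:53:03": {"hostTopNOutOctets": 10},
    "00:00:5e:00:53:04": {"hostTopNOutOctets": 250_000},         # host first seen mid-period
}


def top_n_report(start, end, rate_base, granted_size):
    """Return report rows for the hosts with the largest change in the chosen variable."""
    if rate_base not in RATE_BASES:
        raise ValueError(f"unknown rate base {rate_base}")
    name = RATE_BASES[rate_base]
    changes = []
    for mac, counters in end.items():
        begin = start.get(mac, {}).get(name, 0)      # new hosts start counting from 0
        changes.append((mac, (counters.get(name, 0) - begin) % COUNTER_MOD))
    # Largest change first; ties broken by address so the output is deterministic.
    changes.sort(key=lambda c: (-c[1], c[0]))
    return [
        {"hostTopNIndex": i, "hostTopNAddress": mac, "hostTopNRate": rate}
        for i, (mac, rate) in enumerate(changes[:granted_size], start=1)
    ]


if __name__ == "__main__":
    for row in top_n_report(START, END, rate_base=4, granted_size=3):
        print(row)
```

Without the modular subtraction, the host whose counter wrapped would show a negative change and fall to the bottom of the list, hiding the busiest talker.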

Fig 8.12

Fig 8.13

Matrix group
To record information about the traffic between pairs of hosts on a subnetwork
The information is stored in the form of a matrix
Consists of 3 tables
  – One control table – matrixControlTable
  – Two data tables – matrixSDTable (traffic from one host to all others), matrixDSTable (traffic from all hosts to one particular host)

matrixControlTable
matrixControlIndex:
  – identifies a row in the matrixControlTable
matrixControlDataSource:
  – identifies the interface
matrixControlTableSize:
  – the number of rows in the matrixSDTable
matrixControlLastDeleteTime:
  – the last time that an entry was deleted

Fig 8.14

matrixSDTable (matrixDSTable)
matrixSDSourceAddress: the source MAC address
matrixSDDestAddress: the destination MAC address
matrixSDIndex: same value as matrixControlIndex
matrixSDPkts: number of packets transmitted from this source address to the destination address, including bad packets
matrixSDOctets: number of octets contained in all packets
matrixSDErrors: number of bad packets transmitted from this source address to the destination address

matrixSDTable - operation
Indexed first by matrixSDIndex, then by source address, then by destination address; for matrixDSTable the source address is the last
The matrixSDTable contains 2 rows for every pair of hosts
  – One row per direction