Nov 9, 2006. IT 4333, Fall 2006. IT 4333 – Network Admin & Management: RMON. From: Byte Magazine, Javvin.com, Cisco.com, Wikipedia, and IETF.


1 IT 4333 – Network Admin & Management: RMON. From: Byte Magazine, Javvin.com, Cisco.com, Wikipedia, and IETF

2 Part 1, from Cisco.com http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/rmon.htm

3 Definition: RMON. Remote Monitoring (RMON) is a standard monitoring specification that enables various network monitors and console systems to exchange network-monitoring data. Two versions: RMON1 and RMON2.

4 Definition: The RMON specification defines a set of statistics and functions that can be exchanged between RMON-compliant console managers and network probes. An extension of SNMP MIBs. As such, RMON provides network administrators with comprehensive network-fault diagnosis, planning, and performance-tuning information.

5 Standards (RFC): RMON was defined by the user community with the help of the Internet Engineering Task Force (IETF). It became a proposed standard in 1992 as RFC 1271 (for Ethernet). RMON then became a draft standard in 1995 as RFC 1757, effectively obsoleting RFC 1271.

6 An RMON Probe Can Send Statistical Information to an RMON Console

7 RMON Groups: RMON delivers information in nine RMON groups of monitoring elements, each providing specific sets of data to meet common network-monitoring requirements. Each group is optional so that vendors do not need to support all the groups within the Management Information Base (MIB). Some RMON groups require support of other RMON groups to function properly.

8 RMON Group: Statistics. Function: Contains statistics measured by the probe for each monitored interface on this device. Elements of MIB: Packets dropped, packets sent, bytes sent (octets), broadcast packets, multicast packets, CRC errors, runts, giants, fragments, jabbers, collisions, and counters for packets ranging from 64 to 128, 128 to 256, 256 to 512, 512 to 1024, and 1024 to 1518 bytes.

9 RMON Group: History. Function: Records periodic statistical samples from a network and stores them for later retrieval. Elements of MIB: Sample period, number of samples, items sampled.

10 RMON Group: Alarm. Function: Periodically takes statistical samples from variables in the probe and compares them with previously configured thresholds. If the monitored variable crosses a threshold, an event is generated. Elements of MIB: Includes the alarm table and requires the implementation of the event group. Alarm type, interval, starting threshold, stop threshold.

11 RMON Group: Host. Function: Contains statistics associated with each host discovered on the network. Elements of MIB: Host address, packets, and bytes received and transmitted, as well as broadcast, multicast, and error packets.

12 RMON Group: HostTopN. Function: Prepares tables that describe the hosts that top a list ordered by one of their base statistics over an interval specified by the management station. Thus, these statistics are rate-based. Elements of MIB: Statistics, host(s), sample start and stop periods, rate base, duration.

13 RMON Group: Matrix. Function: Stores statistics for conversations between sets of two addresses. As the device detects a new conversation, it creates a new entry in its table. Elements of MIB: Source and destination address pairs and packets, bytes, and errors for each pair.
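The Host, HostTopN and Matrix groups from slides 11 to 13, as an added example that is not part of the original slides or of any RMON implementation: a toy probe in Python builds the host and conversation tables from constructed frame records and ranks hosts by growth over an interval. The class and function names, the addresses and the frame sizes are assumptions made for illustration.

```python
from collections import defaultdict
from copy import deepcopy

def new_host():
    return {"in_pkts": 0, "in_octets": 0, "out_pkts": 0, "out_octets": 0}

class Probe:
    """Toy probe (hypothetical names): keeps Host and Matrix style tables."""
    def __init__(self):
        self.hosts = defaultdict(new_host)           # one row per address seen
        self.matrix = defaultdict(lambda: [0, 0])    # (src, dst) -> [pkts, octets]

    def observe(self, src, dst, length):
        self.hosts[src]["out_pkts"] += 1
        self.hosts[src]["out_octets"] += length
        self.hosts[dst]["in_pkts"] += 1
        self.hosts[dst]["in_octets"] += length
        row = self.matrix[(src, dst)]                # created on first sight of a pair
        row[0] += 1
        row[1] += length

    def snapshot(self):
        return deepcopy(dict(self.hosts))

def host_top_n(start, end, stat, n):
    """Rank hosts by growth of `stat` between two snapshots (rate-based)."""
    growth = {h: row[stat] - start.get(h, new_host())[stat] for h, row in end.items()}
    ranked = sorted(growth.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(h, g) for h, g in ranked[:n] if g > 0]

# Constructed frames: (source MAC, destination MAC, frame length in bytes).
A, B, C, D = (f"00:00:5e:00:53:0{i}" for i in range(1, 5))
BASELINE = [(A, B, 200), (B, A, 1200), (C, B, 100)]
INTERVAL = [(C, B, 1500)] * 4 + [(A, B, 300), (D, A, 64)]

def demo():
    probe = Probe()
    for frame in BASELINE:
        probe.observe(*frame)
    start = probe.snapshot()          # management station starts the interval
    for frame in INTERVAL:
        probe.observe(*frame)
    return probe, host_top_n(start, probe.snapshot(), "out_octets", 2)

if __name__ == "__main__":
    probe, top = demo()
    print(top, probe.matrix[(C, B)])
```

Ranking by growth rather than by lifetime totals is what makes a host that suddenly dominates a segment stand out against one that has been steadily busy since the probe started.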

14 RMON Group: Filters. Function: Enables packets to be matched by a filter equation. These matched packets form a data stream that might be captured or that might generate events. Elements of MIB: Bit-filter type (mask or not mask), filter expression (bit level), conditional expression (and, or not) to other filters.

15 RMON Group: Packet Capture. Function: Enables packets to be captured after they flow through a channel. Elements of MIB: Size of buffer for captured packets, full status (alarm), number of captured packets.

16 RMON Group: Events. Function: Controls the generation and notification of events from this device. Elements of MIB: Event type, description, last time event sent.

17 Huh? I'm lost… Let's try Wikipedia…

18 Definition from Wikipedia http://en.wikipedia.org/wiki/RMON RMON stands for Remote Monitoring. It is a standard used in telecommunications equipment, e.g. in routers, which implement a MIB (Management Information Base) which allows for remote monitoring and management of network equipment. RMON uses an agent running on the device being monitored to supply information over SNMP to a management workstation (or some other system).

19 ?? … that doesn't help much…

20 Let's try a 1995 article from BYTE http://www.byte.com/art/9506/sec13/art4.htm Recognizing that managers need to somehow see what's going on at distant locations, the IETF (Internet Engineering Task Force) has developed specifications for an RMon (remote monitoring) system that keeps tabs on the state of distant networks. RMon is an extension of the IETF's SNMP, which is commonly used to manage large networks. The idea behind RMon is to distribute, throughout a network, probes that collect information about the traffic on that network.

21 Difference between SNMP and RMON: The difference between SNMP and RMon is that SNMP monitors and manages network devices like hubs and bridges, while RMon monitors LAN traffic!

22 … continued… With RMon, some of the management intelligence is moved out onto the network, where RMon probes alert a centralized console whenever a threshold, such as number of packets, is exceeded.
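The threshold alerting described here and on the Alarm group slide, as an added example that is not part of the original slides: Python code that evaluates an alarm on delta samples with separate rising and falling thresholds, following the hysteresis behaviour of the alarm group in the RMON MIB (RFC 1757). The class and function names are assumptions, and the counter readings are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

COUNTER32 = 2 ** 32  # an SNMP Counter32 wraps at this value

@dataclass
class Alarm:
    rising: int                 # generate "rising" when the value reaches this
    falling: int                # generate "falling" when the value drops to this
    delta: bool = True          # True: compare change per interval, False: raw value
    last_raw: Optional[int] = None
    rising_armed: bool = True
    falling_armed: bool = True

    def sample(self, raw: int) -> Optional[str]:
        """Feed one polled value; return 'rising', 'falling' or None."""
        if self.delta:
            prev, self.last_raw = self.last_raw, raw
            if prev is None:
                return None                      # two polls are needed for a delta
            value = (raw - prev) % COUNTER32     # tolerate counter wrap
        else:
            value = raw
        # Hysteresis: after one event, the same kind is suppressed until the
        # opposite threshold has been crossed.
        if value >= self.rising and self.rising_armed:
            self.rising_armed, self.falling_armed = False, True
            return "rising"
        if value <= self.falling and self.falling_armed:
            self.falling_armed, self.rising_armed = False, True
            return "falling"
        return None

def evaluate(alarm: Alarm, polls: List[int]) -> List[Tuple[int, str]]:
    """Return (poll index, event kind) for every event the alarm generates."""
    events = []
    for i, raw in enumerate(polls):
        kind = alarm.sample(raw)
        if kind:
            events.append((i, kind))
    return events

# Constructed octet-counter readings, one per sampling interval.
POLLS = [1000, 1500, 9000, 17000, 17200, 17300, 26000]

if __name__ == "__main__":
    for idx, kind in evaluate(Alarm(rising=5000, falling=300), POLLS):
        print(f"poll {idx}: {kind} threshold event")
```

The fourth reading stays above the rising threshold but produces no second event, which keeps a sustained burst from flooding the console with duplicate alerts.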

23 Typical use of RMon: One probe would be located on each LAN segment. The probe would monitor data transmission on that segment and organize the information it collects into a format that makes it easy for a manager at a central site to analyze traffic patterns and diagnose problems at remote sites.

24 RMON vs. Protocol Analyzers? "Naturally, there's some overlap in the functions of an RMon probe and a protocol analyzer. For example, many protocol analyzers can perform trend analysis on the data they collect." (Is this true? This is from 1995…)

25 Probably still true. The way the two technologies can work to complement one another is to use RMon to baseline networks, study usage trends, and identify potential problems before they cause trouble for users. This will help reduce the number of trips to remote sites that technicians must make to solve problems. And when a problem requires higher-level diagnostics to be performed, use a protocol analyzer.

26 Benefits? The benefit of an RMon system is that it automatically collects information about the traffic on a LAN segment that is in a remote location. For a manager responsible for many LAN segments that are not all in the same location, that can be a great cost-saving benefit.

27 Typical implementation (from Byte)

28 We need more details… so let's try Javvin. (Something more up to date.) http://www.javvin.com/protocolRMON.html Remote Monitoring (RMON) is a standard monitoring specification that enables various network monitors and console systems to exchange network-monitoring data. RMON provides network administrators with more freedom in selecting network-monitoring probes and consoles with features that meet their particular networking needs.

29 Difference between RMON & SNMP: RMON was originally developed to address the problem of managing LAN segments and remote sites from a central location. The RMON specification, which is an extension of the SNMP MIB, is a standard monitoring specification.

30 Difference between RMON & SNMP: Within an RMON network, monitoring data is defined by a set of statistics and functions and exchanged between various different monitors and console systems. Resultant data is used to monitor network utilization for network planning and performance-tuning, as well as assisting in network fault diagnosis.

31 Versions of RMON: There are 2 versions of RMON: RMON1 (RMONv1) and RMON2 (RMONv2). RMON1 defined 10 MIB groups for basic network monitoring, which can now be found on most modern network hardware. RMON2 (RMONv2) is an extension of RMON that focuses on higher layers of traffic above the medium access-control (MAC) layer. RMON2 has an emphasis on IP traffic and application-level traffic. RMON2 allows network management applications to monitor packets on all network layers.

32 RMON 1 and RMON 2 (From www.javvin.com/protocol/RMON.html)

33 RMON Components: Two components: a probe (or an agent or a monitor), and a client, usually a management station. Agents store network information within their RMON MIB and are normally found as embedded software on network hardware such as routers and switches, although they can be a program running on a PC.

34 How do agents work? Agents can only see the traffic that flows through them, so they must be placed on each LAN segment or WAN link that is to be monitored. Clients, or management stations, communicate with the RMON agent or probe, using SNMP to obtain and correlate RMON data.

35 RMON 2 MIB groups
Protocol Directory: The Protocol Directory is a simple and interoperable way for an RMON2 application to establish which protocols a particular RMON2 agent implements. This is especially important when the application and the agent are from different vendors.
Protocol Distribution: Mapping the data collected by a probe to the correct protocol name that can then be displayed to the network manager.
Address mapping: Address translation between MAC-layer addresses and network-layer addresses, which are much easier to read and remember. Address translation not only helps the network manager, it supports the SNMP management platform and will lead to improved topology maps.
Network layer host: Network host (IP layer) statistics.

36 RMON 2 MIB groups, continued
Network layer matrix: Stores and retrieves network layer (IP layer) statistics for conversations between sets of two addresses.
Application layer host: Application host statistics.
Application layer matrix: Stores and retrieves application layer statistics for conversations between sets of two addresses.
User history: This feature enables the network manager to configure history studies of any counter in the system, such as a specific history on a particular file server or a router-to-router connection.
Probe configuration: This RMON2 feature enables one vendor's RMON application to remotely configure another vendor's RMON probe.

37 Bibliography (Review these articles…)
Byte Magazine: Salamone, Salvatore, "Simplifying Remote Management", 1995. http://www.byte.com/art/9506/sec13/art4.htm
Cisco.com: http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/rmon.htm
The Internet Society (IETF): Introduction to the Remote Monitoring (RMON) Family of MIB Modules, 2003. http://www.ietf.org/rfc/rfc3577.txt
Javvin: RMON: Remote Monitoring MIBs (RMON1 and RMON2). http://www.javvin.com/protocolRMON.html
Wikipedia: http://en.wikipedia.org/wiki/RMON

38 Questions?

