Download presentation
Presentation is loading. Please wait.
Published byKerrie Kelly Modified over 9 years ago
1
1 Kyung Hee University Prof. Choong Seon HONG Remote Network Monitoring Remote Network Monitoring Alarms and Filters
2
2 Kyung Hee University Overview Dealing with alarms and the filtering and capturing of packets alarm group filter group Packet capture group event group
3
3 Kyung Hee University 9.1 alarm Group defines a set of thresholds for network performance If a threshold is crossed in the appropriate direction, an alarm is generated and sent to the central console consists of a single table, alarmTable each entry in the table specifies a particular variable to be monitored, a sampling interval, threshold parameters the single entry contains the recent sample value, that is, the value observed at the end of the last sampling interval alarmTable including following objects alarmIndex alarmInterval alarmVarible alarmSampleType
4
4 Kyung Hee University alarm Group (cont’d) alarmTable including following objects (cont’d) alarmIndex alarmInterval alarmVarible alarmSampleType : having absoluteValue(1) and deltaValue alarmValue alarmStartupAlarm alarmRisingThreshold alarmFallingThreshold alarmRisingEventIndex alarmFallingEventIndex
5
5 Kyung Hee University alarm Group (cont’d)
6
6 Kyung Hee University alarm Group (cont’d) Alarm scheme the monitor or a management station can define a new alarm by creating a new row in the alarmTable. combination of variable, sampling interval, and threshold parameter is unique to a given row The rising threshold is crossed if the current sampled value is greater than or equal to the rising threshold and the value at the last sampling interval was less than the threshold The falling threshold is crossed if the current sampled value is less than or equal to the falling threshold and the value at the last sampling interval was greater than the threshold Two types of values for alarms absoluteValue : the value of an object at the time of sampling deltaValue : difference in values for the object over successive sampling periods (rate of change)
7
7 Kyung Hee University alarm Group (cont’d) The rules for the generation of rising-alarm events (see page 254) alarmStartupAlarm value of risingAlarm or risingOrFalling
8
8 Kyung Hee University alarm Group (cont’d) The fluctuations in the value produce another crossing of the rising threshold; this crossing is not counted as an alarm event since it does not satisfy the rules spelled out in the preceding list
9
9 Kyung Hee University alarm Group (cont’d) Hysteresis mechanism Sampled State of alarm-generation mechanism Falling-alarm state Rising-alarm state Falling alarm triggered Rising alarm triggered Falling threshold Rising threshold object value
10
10 Kyung Hee University alarm Group (cont’d) deltaValue be sampled with greater precision than indicated by alarmInterval The delta sample should be taken twice per period Time (t)01020 Observed value01932 Delta value01913 Time (t)05101520 Observed value010193032 Delta value0109112 ( X ) if ( rising threshold=20)
11
11 Kyung Hee University filter group provides a means by which a management station can instruct a monitor to observe selected packets on a particular interface Two kinds of filter data filter : allowing the monitor to screen observed packets on the basis of a bit pattern that a portion of the packet matches (or fail to match) status filter : allowing the monitor to screen observed packets on the basis of their status (for example, valid, CRC error)
12
12 Kyung Hee University filter group (cont’d) Filter logic input = the incoming portion of a packet to be filtered filterPktData = the bit pattern to be tested for, filterPktDataMask = the relevant bits to be tested for, filterPktDataNotMask = indication of whether to test for a match or a mismatch An example of the use of the filter test in case of Ethernet filterPktDatOffset= 0 filterPktData= 0x0000000000A50000000000BB filterPktDataMask= 0xFFFFFFFFFFFFFFFFFFFFFFFF filterPktDataNotMask= 0x000000000000FFFFFFFFFFFF
13
13 Kyung Hee University filter group (cont’d)
14
14 Kyung Hee University filter group (cont’d) Channel Definition the stream of packets that pass the test The packet is passed through each of the filters defined for that channel filter logic for channel i if channelAcceptType = acceptMatched (1)
15
15 Kyung Hee University filter group (cont’d) RMON filter group structure
16
16 Kyung Hee University filter group (cont’d) filter group structure consists of two control tables associated with that channel are one or more rows in the filterTable read page 265
17
17 Kyung Hee University Packet capture group The packet capture group can be used to set up a buffering scheme for capturing packets from one of the channels in the filter group
18
18 Kyung Hee University Packet capture group (cont’d) consisting of two groups bufferControlTable : specifying the details of the buffering function captureBufferTable : buffering the data Refer to page 266
19
19 Kyung Hee University Packet capture group (cont’d)
20
20 Kyung Hee University Packet capture group (cont’d) the relationship between the control table and the data table Identifier in buffer
21
21 Kyung Hee University 9.4 event Group An event is triggered by a condition located elsewhere in the MIB, and an event can trigger an action defined elsewhere in the MIB An event may also cause information to be logged in this group and may cause an SNMP trap message to be issued. Also, an event that is defined in this group can be used to trigger activity related to another group. For example, an event can trigger turning a channel on or off Refer to Page 271 One key use of the event group is in conjunction with the alarm group The alarm group can define rising-threshold and falling threshold events that are referenced by indexing into the eventTable
22
22 Kyung Hee University event Group (cont’d)
23
23 Kyung Hee University 9.5 Practical Issues Packet capture overload A preferred alternative is to do much of the analysis locally, at the monitor, and send much more aggregated results to the management station. The packet capture feature of RMON can be useful if used intelligently l for example, broadcast storm l RMON can be used to capture packets to and from the suspect device, for analysis by the network manager at the management station Interoperability RMON manager program must be able to work with a variety of RMON probes
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.