Transcript Chapter 8

Chapter 8
Chapter 8
RMON
Network Management: Principles and Practice
© Mani Subramanian 2000
8-1
Chapter 8
RMON Components
D a ta
A n a ly z e r
SNMP
T ra ffic
R o u te r
BACKBONE
NETW ORK
R o u te r
SNMP
T ra ffic
RMON
P ro b e
LAN
• RMON Probe
• Data gatherer - a physical device
• Data analyzer
• Processor that analyzes data
Notes
• RMON Remote Network Monitoring
Network Management: Principles and Practice
© Mani Subramanian 2000
8-2
Chapter 8
Network with RMONs
R e m o te F D D I L A N
F D D I P ro b e
R o u te r w ith
R MON
FDDI
B a c k b o n e N e tw o rk
R o u te r
B rid g e
Local LA N
R o u te r
N MS
R e m o te T o k e n R in g L A N
E th e rn e t
P ro b e
T o ke n R in g
P ro b e
F ig u re 8 .1 N e tw o rk C o n fig u ra tio n w ith R M O N s
Notes
Nots
• Note that RMON is embedded monitoring remote
FDDI LAN
• Analysis done in NMS
Network Management: Principles and Practice
© Mani Subramanian 2000
8-3
Chapter 8
RMON Benefits
• Monitors and analyzes locally and relays data;
Less load on the network
• Needs no direct visibility by NMS;
More reliable information
• Permits monitoring on a more frequent basis
and hence faster fault diagnosis
• Increases productivity for administrators
Notes
Network Management: Principles and Practice
© Mani Subramanian 2000
8-4
Chapter 8
RMON MIB
rm o n (m ib -2 1 6 )
rm o n C o n fo rm a n c e (2 0 )
s ta tis tic s (1 )
p ro b e C o n fig (1 9 )
h is to ry (2 )
u s rH is to ry (1 8 )
a 1 M a trix (1 7 )
a la rm (3 )
a 1 H o s t (1 6 )
h o s t (4 )
n 1 M a trix (1 5 )
h o s tT o p N (5 )
m a trix (6 )
n 1 H o s t (1 4 )
filte r (7 )
a d d re s s M a p (1 3 )
c a p tu re (8 )
p ro to c o lD is t (1 2 )
e v e n t (9 )
p ro to c o lD ir (1 1 )
RMON2
RMON1
T o k e n R in g (1 0 )
R M O N 1 E x te n s io n
F ig u re 8 .2 R M O N G ro u p
Notes
• RMON1: Ethernet RMON groups (rmon 1 - rmon 9)
• RMON1: Extension: Token ring extension (rmon 10)
• RMON2: Higher layers (3-7) groups (rmon 11 - rmon 20)
Network Management: Principles and Practice
© Mani Subramanian 2000
8-5
Chapter 8
Row Creation & Deletion
S ta te
va lid
cre a te R e qu e st
u n d e rC re a tio n
in valid
Enumera tio n
1
2
3
4
D e scrip tio n
R o w e xists a n d is a ctive . It is fully co n fig u re d a nd o p era tio n al
C re a te a n e w ro w b y cre a tin g this ob je ct
R o w is n o t fully a ctive
D e le te th e ro w b y d isa sso cia tin g the m a p p in g o f this e n try
• EntryStatus data type introduced in RMON
• EntryStatus (similar to RowStatus in SNMPv2)
used to create and delete conceptual row.
• Only 4 states in RMON compared to 6 in SNMPv2
Notes
Network Management: Principles and Practice
© Mani Subramanian 2000
8-6
Chapter 8
RMON Groups and Functions
T o k e n R in g S ta tis tic s
T o k e n R in g
S ta tis tic s
T o k e n R in g
H is to ry
H is to ry
C o n tro l
E th e rn e t
H is to ry
H is to ry
C o n tro l
E th e rn e t S ta tis tic s
E th e rn e t
S ta tis tic s
R e m o te ly
M o n ito re d
N e tw o rk
H o s t a n d C o n v e rs a tio n S ta tis tic s
D a ta
G a th e rin g
H ost
S ta tis tic s
H o s tT o p N
S ta tis tic s
M a trix
S ta tis tic s
N e tw o rk
M anager
F ilte r G ro u p
Packet
F ilte rin g
C hannel
F ilte rin g
A la rm
G e n e ra tio n
Event
G e n e ra tio n
Packet
C a p tu re
F ig u re 8 .3 R M O N 1 G ro u p s a n d F u n c tio n s
Notes
• Probe gathers data
• Functions
• Statistics on Ethernet, token ring, and
hosts / conversations
• Filter group filters data prior to capture of data
• Generation of alarms and events
Network Management: Principles and Practice
© Mani Subramanian 2000
8-7
Chapter 8
RMON1 MIB Groups & Tables
G ro u p
S ta tistics
O ID
rm o n 1
F u n ctio n
L in k le vel sta tistics
H isto ry
rm o n 2
P e rio dic sta tistical d ata
co lle ction a n d sto ra ge fo r la te r
re trie val
A la rm
rm o n 3
H o st
rm o n 4
G e n e ra te s e ve n ts w h e n the d a ta
sa m p le g a th e red cro sse s p ree sta blish e d th re sh old s
G a th e rs sta tistical d a ta o n ho sts
H o stT o p N
rm o n 5
M a trix
rm o n 6
F ilte r
rm o n 7
F ilte r fun ctio n tha t e n ab le s
ca p tu re o f d e sire d p ara m e te rs
P a cke t
C a p tu re
rm o n 8
E ve n t
rm o n 9
T o ke n
R in g
rm o n 1 0
P a cke t ca p tu re ca p a bility to
g a th e r p a cke ts a fte r th e y flo w
th ro u g h a ch a nn el
C o n trols th e g e n era tio n o f
e ve n ts a n d n o tifica tion s
S e e T a ble 8.3
C o m p u te s th e to p N h o sts on
th e re spe ctive ca teg o rie s o f
sta tistics g a th ere d
S ta tistics o n tra ffic b e tw e e n p air
o f h o sts
T a ble s
-e th e rS ta tsT a ble
-e th e rS ta ts2 T ab le
-h isto ryC o ntrolT a ble
-e th e rH isto ryT a ble
-h isto ryC o ntrol2T a ble
-e th e rH isto ry2T a ble
-a la rm T a b le
-h o stC o n trolT ab le
-h o stT a ble
-h o stT im e T a ble
-h o stC o n trol2 T a ble
-h o stT o p N co n trolT a ble
-m a trixC o n tro lT a ble
-m a trixS D T a b le
-m a trixD S T a b le
-m a trixC o n tro l2T a ble
-filte rT a ble
-ch a n n elT a ble
-filte r2T a ble
-ch a n n el2T a ble
-b u fferco n tro lT a ble
-ca p tu re B u ffe rT a ble
-e ve n tT a ble
S e e T a ble 8.3
Notes
• Ten groups divided into three categories
• Statistics groups (rmon 1, 2, 4, 5, 6, and 10))
• Event reporting groups (rmon 3 and 9)
• Filter and packet capture groups(romon 7 and 8)
• Groups with “2” in the name are enhancements with RMON2
Network Management: Principles and Practice
© Mani Subramanian 2000
8-8
Chapter 8
Textual Convention:
LastCreateTime and TimeFilter
• LastCreateTime tracks change of data with the
changes in control in the control tables
• Timefilter used to download only those rows that
changed after a particular time
FooTable (bold indicating the indices):
fooTimeMark fooIndex
fooCounts
fo o C o u n ts.0 .1
fo o C o u n ts.0 .2
fo o C o u n ts.1 .1
fo o C o u n ts.1 .2
fo o C o u n ts.2 .1
fo o C o u n ts.1 .2
fo o C o u n ts.3 .1
fo o C o u n ts.3 .2
fo o C o u n ts.4 .2
5
9
5
9
5
9
5
9
9
-- (N o te th a t ro w # 1 d o e s n o t e xis t fo r tim e s 4 & 5
sin c e th e la st u p d a te o c cu rre d a t tim e -m a rk 3 .)
fo o C o u n ts.5 .2
9
(B o th ro w s # 1 a n d # 2 d o n o t e xist fo r tim e -m a rk g re a te r th a n 5 .)
Notes
• Bold objects (fooTimeMark and fooIndex) are
indices
Network Management: Principles and Practice
© Mani Subramanian 2000
8-9
Chapter 8
Control and Data Tables
d a ta T a b le
d a ta E n try
co n tro lT a b le
co n tro lE n try
c o n tro l
In d e x
co n tro l
D a ta S o u rce
co n tro l
T a b le S ize
co n tro l
Ow ner
co n tro l
S ta tu s
co n tro l
O th e r
c o n tro l
In d e x
co n tro l
D a ta S o u rce
co n tro l
T a b le S ize
co n tro l
Ow ner
co n tro l
S ta tu s
co n tro l
O th e r
d a ta
In d e x
d a ta
A d d lIn d e x
d a ta
O th e r
d a ta
In d e x
d a ta
A d d lIn d e x
d a ta
O th e r
d a ta
In d e x
d a ta
A d d lIn d e x
d a ta
O th e r
d a ta
In d e x
d a ta
A d d lIn d e x
d a ta
O th e r
N o te o n In d ic e s :
In d ic e s m a rk e d in b o ld le tte r
V a lu e o f d a ta In d e x s a m e a s v a lu e o f c o n tro lIn d e x
F ig u r e 8 .4 R e la tio n s h ip b e tw e e n C o n tr o l a n d D a ta T a b le s
Notes
• Control table used to set the instances of data rows
in the data table
• Values of data index and control index are the same
Network Management: Principles and Practice
© Mani Subramanian 2000
8-10
Chapter 8
Matrix Control and SD Tables
m a trixS D T a b le
m a trixS D E n try
m a trixC o n tro lT ab le
m a trixC o n tro lE n try
m atrix
C o n tro l
In d e x = 1
m atrix
C o n tro l
In d e x = 2
m a trix
C o n tro l
D a taS o urce
= ifIn diex.1
m a trix
C o n tro l
D a taS o urce
= ifIn diex.2
m a trix
C o n tro l
T a ble S ize =
10
m a trix
C o n tro l
O w n er =
" B ob "
m a trix
C o n tro l
T a ble S ize =
10
m a trix
C o n tro l
O w n er =
" B ob "
m a trix
C o n tro l
S ta tu s = 1
m a trix
C o n tro lL a st
D e leteT im e
= 1 00 0
m a trix
C o n tro l
S ta tu s = 1
m a trix
C o n tro lL a st
D e leteT im e
= 1 00 0 50
N o te o n In d ic e s :
In d ic e s m a rk e d in b o ld le tte r
V a lu e o f d a ta In d e x s a m e a s v a lu e o f c o n tro lIn d e x
m atrixS D
So u rc e
A d d re ss =
1 72 .1 5 .8 .1 1
m atrixS D
D es tin a tio n
A d d re ss =
1 92 .7 .8 .11
m atrix
SD
In d e x =
1
m a trix
SD
P kts =
m atrixS D
So u rc e
A d d re ss =
1 72 .1 5 .8 .1 1
m atrixS D
D es tin a tio n
A d d re ss =
1 99 .5 .8 .20
m atrix
SD
In d e x =
1
m a trix
SD
P kts =
m atrixS D
So u rc e
A d d re ss =
1 72 .1 6 .8 .1 6
m atrixS D
D es tin a tio n
A d d re ss =
1 93 .5 .8 .20
m atrix
SD
In d e x =
2
m a trix
SD
P kts =
m atrixS D
So u rc e
A d d re ss =
1 72 .1 6 .8 .2 0
m atrixS D
D es tin a tio n
A d d re ss =
1 93 .5 .8 .20
m atrix
SD
In d e x =
2
m a trix
SD
P kts =
F ig u r e 8 .4 R e la tio n s h ip b e tw e e n C o n tr o l a n d D a ta T a b le s
Notes
• matrixSDTable is the source-destination table
• controlDataSource identifies the source of the data
• controlTableSize identifies entries associated with
the data source
• controlOwner is creator of the entry
Network Management: Principles and Practice
© Mani Subramanian 2000
8-11
Chapter 8
Host Top N Group Example
H o stT o p N
Host 1
Host 2
Host 3
Host 4
Host 5
Host 6
Host 7
Host 8
Host 9
Host 10
0
100
200
300
400
G ig a O c t e t s
F ig u re 8 .5 H o s tT o p -1 0 O u tp u t O c te ts
Notes
Network Management: Principles and Practice
© Mani Subramanian 2000
8-12
Chapter 8
Filter Group
filte rT a ble
filte rE ntry
ch an ne lT ab le
ch an ne lE n try
c ha nne l
Index =1
c ha nne l
Index = 2
ch an ne l
IfIn d ex = 1
ch an ne l
IfIn d ex
ch an ne l
A ccep tT ype
ch an ne l
A ccep tT ype
ch an ne l
D a taC on trol
O th er
C h a nn e l
P aram e te rs
ch an ne l
D a taC on trol
O th er
C h a nn e l
P aram e te rs
N o te o n In d ic e s :
In d ic e s m a rk e d in b o ld le tte r
V a lu e o f filte rC h a n n e lIn d e x s a m e a s v a lu e o f c h a n n e lIn d e x
filte rInde x
=1
filte r
C h a nn e lInd ex
=1
F ilter
P aram e te rs
filte rInde x
=2
filte r
C h a nn e lInd ex
=1
F ilter
P aram e te rs
filte rInde x
=3
filte r
C h a nn e lInd ex
=2
F ilter
P aram e te rs
filte rInde x
=4
filte r
C h a nn e lInd ex
=2
F ilter
P aram e te rs
Notes
• Filter group used to capture packets defined by
logical expressions
• Channel is a stream of data captured based on a
logical expression
• Filter table allows packets to be filtered with an
arbitrary filter expression
• A row in the channel table associated with multiple
rows in the filter table
Network Management: Principles and Practice
© Mani Subramanian 2000
8-13
Chapter 8
Packet Capture Group
Channel
Table
Filter
Table
(many
for
each
channel)
Capture
Buffer
Table
(One
entry
per
Channel)
Notes
• Packet capture group is a post-filter group
• Buffer control table used to select channels
• Captured data stored in the capture buffer table
Network Management: Principles and Practice
© Mani Subramanian 2000
8-14
Chapter 8
RMON TR Extension Groups
T o k e n R in g G ro u p
S ta tis tic s
P ro m is c u o u s S ta tis tic s
M a c -L a y e r H is to ry
P ro m is c u o u s H is to ry
R in g S ta tio n
R in g S ta tio n O rd e r
R in g S ta tio n
C o n fig u ra tio n
S o u rc e R o u tin g
F u n c tio n
C u rre n t u tiliza tio n
a n d e rro r s ta tis tic s
of M ac Layer
C u rre n t u tiliza tio n
a n d e rro r s ta tis tic s
o f p ro m is c u o u s
d a ta
H is to rica l
u tiliz a tio n a n d
e rro r s ta tis tic s o f
M ac Layer
H is to rica l
u tiliz a tio n a n d
e rro r s ta tis tic s o f
p ro m is c u o u s d a ta
S ta tio n sta tis tic s
O rd e r o f th e
s ta tio n s
A c tiv e
c o n fig u ra tio n o f
rin g s ta tio n s
U tiliz a tio n sta tis tic s
o f s o u rc e ro u tin g
in fo rm a tio n
T a b le s
to k e n R in g M L S ta ts T a b le
to k e n R in g M L S ta ts 2 T a b le
to k e n R in g P S ta ts T a b le
to k e n R in g P S ta ts 2 T a b le
to k e n R in g M L H is to ry T a b le
to k e n R in g P H is to ry T a b le
rin g S ta tio n C o n tro lT a b le
rin g S ta tio n T a b le
rin g S ta tio n C o n tro l2 T a b le
rin g S ta tio n O rd e rT a b le
rin g S ta tio n C o n fig C o n tro lT a b le
rin g S ta tio n C o n fig T a b le
s o u rc e R o u tin g S ta ts T a b le
s o u rc e R o u tin g S ta ts 2 T a b le
Notes
• Two statistics groups and associated history groups
• MAC layer (Statistics group) collects
TR parameters
• Promiscuous Statistics group collects packets
promiscuously on sizes and types of packets
• Three groups associated with the stations
• Routing group gathers on routing
Network Management: Principles and Practice
© Mani Subramanian 2000
8-15
Chapter 8
RMON2
• Applicable to Layers 3 and above
• Functions similar to RMON1
• Enhancement to RMON1
• Defined conformance and compliance
Notes
Network Management: Principles and Practice
© Mani Subramanian 2000
8-16
Chapter 8
RMON2 MIB
T a b le 8 .4 R M O N 2 M IB G ro u p s a n d T a b les
G ro u p
P ro to col
D ire cto ry
P ro to col
D istribu tio n
A d d re ss M a p
O ID
rm o n 1 1
F u n c tio n
In ve n to ry o f p ro to cols
T a b les
p ro to colD irT a ble
rm o n 1 2
p ro to colD istC o n trolT a ble
p ro to colD istS ta tsT a ble
a d d re ssM a p C o n trolT ab le
a d d re ssM a p T a ble
N e tw o rk
L a ye r H o st
N e tw o rk
L a ye r M a trix
rm o n 1 4
R e la tive sta tistics o n
o cte ts a n d p a cke ts
M a c a d d re ss to
n e tw o rk a d d re ss o n
th e in te rfa ce s
T ra ffic da ta fro m a n d
to e a ch ho st
T ra ffic da ta fro m e a ch
p a ir o f ho sts
A p p lica tio n
L a ye r H o st
rm o n 1 6
A p p lica tio n
L a ye r M a trix
rm o n 1 7
U se r H isto ry
C o lle ctio n
rm o n 1 8
P ro b e
C o n figu ra tion
rm o n 1 9
RMON
C o n fo rm a n ce
rm o n 2 0
rm o n 1 3
rm o n 1 5
T ra ffic da ta b y
p ro to col fro m a n d to
e a ch h o st
T ra ffic da ta b y
p ro to col be tw e e n
p a irs o f ho sts
U se r-sp e cifie d
h istorical d a ta o n
a larm s a n d sta tistics
C o n figu ra tion o f pro b e
p a ra m e te rs
R M O N 2 M IB
C o m p lia n ce s an d
C o m p lia n ce G ro u p s
n 1 H o stC o n tro lT a ble
n 1 H o stT a ble
n 1 M a trixC o n trolT a ble
n 1 M a trixS D T a ble
n 1 M a trixD S T a ble
n 1 M a trixT o p N C o n trolT a ble
n 1 M a trixT o p N T a ble
a 1 H o stT a ble
a 1 M a trixS D T a ble
a 1 M a trixD S T a ble
a 1 M a trixT o p N C o n trolT a ble
a 1 M a trixT o p N T a ble
u srH isto ryC o n trolT a ble
u srH isto ryO b je ctT a ble
u srH isto ryT a ble
se rialC o n fig T a ble
n e tC o n fig T a ble
tra p D e stT a ble
se rialC o n n e ction T a ble
S e e S e ctio n 8 .4 .2
Notes
Network Management: Principles and Practice
© Mani Subramanian 2000
8-17
Chapter 8
ATM RMON
A pp lica tion
L aye r
U p p e r L a y e r P ro to c o ls
R M O N -2
(R F C 2 0 2 1 , 2 0 7 4 )
E th e rn e t
RMON
(R F C 1 7 5 7 )
T o k e n R in g
RMON
(R F C 1 5 1 3 )
IE T F M IB s
N e tw o rk L a yer
'B ase ' L a yer
A T M P ro to c o l ID s fo r
R M O N -2
(A d d itio n s to R F C 2 0 7 4 )
S w itc h
E x te n s io n s
fo r R M O N
ATM
RMON
A d d itio n a l M IB s
F ig u re 8 .7 R M O N M IB F ra m e w o rk (© 1 9 9 5 A T M F o ru m )
Notes
• ATM Forum extended RMON to ATM
• Switch extensions and ATM RMON define objects
at the base layer
• ATM protocol IDs for RMON2 define additional
objects at the higher levels
• ATM devices require cell-based measurements and
statistics
• Probe should be able to handle high speed
Network Management: Principles and Practice
© Mani Subramanian 2000
8-18
Chapter 8
ATM Probe Location
ATM
S w itc h
ATM
S w itc h
RMON
P ro b e
RMON
P ro b e
(a ) E x te rn a l P ro b e w ith c o p y
A T M S w itc h
w ith in te rn a l
R M O N P ro b e
(b ) In te rn a l P ro b e w ith c o p y
ATM
S w itc h
ATM
S w itc h
RMON
P ro b e
(c ) In te rn a l P ro b e w ith o u t c o p y
(d ) E x te rn a l P ro b e w ith o u t c o p y
F ig u re 8 .8 A T M P ro b e L o c a tio n © 1 9 9 5 A T M F o ru m )
Notes
• Stand-alone probe in (a) copies the cells
• Embedded version in (b) reports data, but
has no access to switch fabric
• Internal probe (c) similar to (b) with access to switch
• Stand-alone probe (d) taps network-to-network
interface between two ATM switches
• (a) and (b) require duplex circuits, steering of traffic,
and design modification
• Embedded designs (c) and (d) require no
modification
Network Management: Principles and Practice
© Mani Subramanian 2000
8-19
Chapter 8
ATM RMON MIB Groups
T a b le 8 .6 AT M R M O N M IB G ro u p s a n d T ab le s
G ro u p
O ID
p o rtS ele ct a tm R m o n M IB O b je cts
1
a tm S ta ts a tm R m o n M IB O b je cts
2
a tm H o st
a tm R m o n M IB O b je cts
3
a tm M a trix a tm R m o n M IB O b je cts
4
F u n c tio n
P o rt S e le ctio n
B a sic S ta tistics
A T M p e r-h o st
sta tistics
A T M p e r-circuit
sta tistics
T a b les
p o rtS elG rpT a ble
p o rtS elT a ble
a tm S ta tsC o n trolT a ble
a tm S ta tsT a b le
a tm H o stC o n tro lT ab le
a tm H o stT a b le
a tm M a trixC o n tro lT a ble
a tm M a trixS D T a b le
a tm M a trixD S T a b le
a tm M a trixT o p N C o n trolT a ble
a tm M a trixT o p N T a ble
Notes
• ATM RMON MIB contains four groups
• portSelect group selects ports
• atmStats collects basic statistics based on port
selection
• atmHost gathers statistics based on host traffic
• atmMatrix group collects conversation traffic and
ranks the top-N entries
Network Management: Principles and Practice
© Mani Subramanian 2000
8-20
Chapter 8
A Case Study
• A study at Georgia Tech on Internet traffic
• Objectives
• Traffic growth and trend
• Traffic patterns
• Network comprising Ethernet and FDDI LANs
• Tools used
• HP Netmetrix protocol analyzer
• Special high-speed TCP dump tool for
FDDI LAN
• RMON groups utilized
• Host top-n
• Matrix group
• Filter group
• Packet capture group (for application level
protocols)
Notes
Network Management: Principles and Practice
© Mani Subramanian 2000
8-21
Chapter 8
Case Study Results
1. G ro w th R ate : Internet traffic grew at a significant rate from F ebruary to
June at a m onthly rate of 9% to 18% .
12%
F ebruary to M arch
9%
M arch to A pril
18%
A pril to M ay
N ote: There is sudden drop in June due to end of spring quarter and
sum m er quarter starting.
2. T raffic P attern:

M o nthly / W eekly: O nly discernible variation is lower traffic over
weekends

D aily: 2/3 of the top 5% peaks occur in the afternoons

U sers:
T op six dom ain of users (96% ) are
20%
D om ain 1
30%
D om ain 2
S ubdom ain 1 (25% )
S ubdom ain 2 (3% )
34%
D om ain 3
7%
D om ain 4
3%
D om ain 5
2%
D om ain 6
T op three hosts sending or receiving data
N ewsgroups
M bone
Linux host
W hat w e have learned :
1. T he three top groups of users contributing to 84% of the Internet traffic are
students (surprise!). N ewsgroup services, and D om ain 1.
2. G rowth rate of Internet during the study period in spring quarter is 50% .
Network Management: Principles and Practice
© Mani Subramanian 2000
8-22