Transcript RMON Statistics Collection

Remote Network Monitoring
statistics Collection
Prof. Choong Seon HONG
Kyung Hee
University
1
Introduction
 Defining a remote monitoring MIB that supplements MIB-II
 Providing the network manager with vital information about the
internetwork
 Providing significant expansion in SNMP functionality
 RMON-Related FRCs
RFC 1513 : Token Ring Extensions to the Remote Network Monitoring MIB
RFC 1757 : Remote Network Monitoring Management Information Base
RFC 2021 : Remote Network Monitoring Management Information Base II
RFC 2074 : Remote Network Monitoring MIB Protocol Identifiers
RFC 2613 Remote Network Monitoring MIB Extensions for Switched Networks
Version 1.0. (proposed standard) June 1999
RFC 2819 : Remote Network Monitoring Management Information Base, May
2000. (obsolete RFC1757)
RFC 2895 : Remote Network Monitoring MIB Protocol Identifier Reference,
August 2000. (obsolete RFC 2074)
RFC 2896 : Remote Network Monitoring MIB Protocol Identifier Macros, August
2000.
(informational)
Kyung
Hee
University
2
Basic Concepts
 Network monitor, network analyzer, network probe : studying the
traffic on a network
producing summary information, including error statistics and
performance statistics
filter : used to limit the number of packets counted or captured, based
on packet type or other packet characteristics
 Remote monitors : monitors that communicate with a central
network management station
Kyung Hee
University
3
RMON Goals
 Defining standard network-monitoring functions and interfaces for
communicating between SNMP-based management consoles and remote
monitors
 Designing Goals for RMON described in RFC 1757
off-line operation : to limit or halt the routine polling of a monitor by network
manager
Proactive monitoring : using running diagnostics and logging network
performance
Problem detection and reporting
Value-added-data : performing analyses specific to the data collected on its
subnetwork

ex) analyzing subnetwork traffic to determine which hosts generate the most traffic or
errors on the subnetwork
Multiple managers

for improving reliability

for performing different functions (ex, engineering and operations)

for providing management capability to different units within an organization
Kyung Hee
University
4
RMON Goals (cont’d)
 A system that implements the RMON MIB is referred to as an
RMON probe.
no different from any other SNMP agent
Kyung Hee
University
5
RMON Goals (cont’d)
Kyung Hee
University
6
OID Tree
ITU-T(0)
iso(1)
joint-iso-ITU-T (2)
…. org(3) …..
….. dod(6) …..
….. internet (1) …..
directory(1)
……
mgmt(2) ….
Mib-2(1)
Experimental(3)
private(4)
enterprises(1)
system(1) interfaces(2) at(3) ip(4) icmp(5) tcp(6) udp(7) egp(8) cmot(9) transmission(10) snmp(11) …...Rmon(16)……...
Kyung Hee
University
7
Control of Remote Monitors
 For managing a remote monitor effectively, the RMON MIB
contains features that support extensive control from the
management station
Configuration : the type and form of data to be collected

remote monitor needs to be configured for data collection
Action invocation : by changing the value of the object
Kyung Hee
University
8
Table Management
 Providing technique for row addition and deletion
 Textual conventions
two new data types
OwnerString ::= DisplayString
EntryStatus ::= INTEGER { valid (1),
createRequest (2),
underCreation (3),
invalid (4) }
Ownerstring : indicating the owner of a row in read-write table in the
RMON MIB

Object name ending in Owner
EntryStatus : used in the creation, modification,and
deletion of rows

Object name ending in Status
Kyung Hee
University
9
Table Management (cont’d)
 General structure used for all control and data tables in the RMON
MIB1 (see Figure 8.2)
 Columnar parameter in control table (see Figure 8.3)
rmlControlIndex
rmlControlParameter
rmlControlOwner
rmlControlStatus
 Row Addition
using SetRequest PDU

SetRequest variablebindings (see 7.2.1.3)
supporting concurrent table addition attempts from multiple
management stations : named the “RMON Polka”
Kyung Hee
University
10
Table Management (cont’d)
agent itself is owner
Each row has a unique
value
Kyung Hee
University
11
Table Management (3)
 RMON Polka’s steps
1) for a management station attempts to create a new row, status
object value : createRequest (2)
2) after completing create operation, agent sets the status object value
to underCreation (3) : until the management station is finished
creating all of the rows that it desires for its configuration
3) after finishing all the rows, setting status object value to Valid (1)
4) if the row already exists or createRequest, an error will be
returned
 Row Modification and Deletion
By setting the status object value for that row to invalid thru issuing
the appropriate SetRequest PDU
Modification : at first, invalidating the row and then providing the row
with new parameter values
Kyung Hee
University
12
Table Management (4)
 Transition of EntryStatus state
Nonexistent
Create
request
Under
Creation
Valid
Invalid
Performed by manager
Performed by agent
Kyung Hee
University
13
RMON MIB
 RMON MIB Groups
statistics : maintaining low-level utilization and error statistics for each
subnetwork monitored by agent
history : recording periodic statistical samples from information available in the
statistics group
Alarm : setting a sampling interval and alarm threshold for any counter or integer
recorded by the RMON probe
host : containing counters for various types of traffic to and from hosts attached to
the subnetwork
hostTopN : containing sorted host statistics that report on the hosts that top a list
based on some parameter in the host table
matrix : showing error and utilization information in matrix form
filter : allowing the monitor to observe packets that match a filter
capture : governing how data is sent to a management console
event : giving a table of all events generated by the RMON probe
tokenRing : maintaining statistics and configuration information for token ring
subnetworks
Kyung Hee
University
14
RMON MIB (cont’d)
 Remote network monitoring MIB
rmon (mib-2, 16)
statistics (1)
history (2)
alarm (3)
host (4)
hostTopN (5)
matrix (6)
filter (7)
capture (8)
event (9)
tokenRing (10)
Kyung Hee
University
15
RMON MIB (cont’d)
 RMON II
protocolDir (11)
ProtocolDist (12)
addressMap(13)
nlHost (14)
nlMatrix (15)
alHost (16)
alMatrix (17)
usrHistory (18)
probeConfig (19)
rmonConformance (20)
Kyung Hee
University
16
RMON MIB (2)
 Some dependencies
alarm group : requiring the implementation of the event group
hostTopN group : requiring the implementation of the host group
packet capture group : requiring the implementation of the filter
group
Kyung Hee
University
17
Statistics Group
 Providing useful information about the load on a subnetwork and the
overall health of the subnetwork
 Containing the basic statistics for each mentioned subnetwork (see Figure
8.6)
 etherStatsTable : collecting a variety of counts for each attached
subnetwork, including byte, packet, error, and frame size counts (see
Table 8.2)
 Providing much more detail about Ethernet behavior than MIB-II
interfaces group
dot3Statstable : collecting statistics for a single system on an ethernet
etherStatsTable : collecting statistics for all systems on an ethernet
 read-write objects : etherStatsDataSource, etherStatsOwner, and
etherStatsStatus
Kyung Hee
University
18
Statistics Group (cont’d)
Kyung Hee
University
19
Statistics Group (cont’d)
Kyung Hee
University
20
history Group
 Defining sampling functions for one or more of the interfaces of
the monitor (See Figure 8.7)
 historyControlTable : specifying the interface and the details of
the sampling functions
 etherHistoryTable : recording the data
 Relationship between the control table and the data table (see Fig.
8.8)
Kyung Hee
University
21
history Group (cont’d)
Kyung Hee
University
22
history Group (cont’d)
Kyung Hee
University
23
history Group (cont’d)
 History table
Identifying the interface
Kyung Hee
University
24
history Group (cont’d)
 etherHistoryUtilization
etherStateOctets and etherStatePkts can be used to measure
the utilization of the subnetwork
Interframe-gap
preamble
Utilization =
(Packets x (96 + 64)) + (Octets x 8)x 100%
Interval x 107
Medium data rate
Kyung Hee
University
25
host Group
 Used for gathering statistics about specific hosts on the LAN
 Monitor learns of new hosts on the LAN by observing the source
and destination MAC addresses in good packets
 Consisting of three tables : one control table and two data tables
(see Fig. 8.9)
 relationship between the control table and two data table (Fig 8.11)
 Counters in hostTable (Table 8.3)
Kyung Hee
University
26
host Group
Kyung Hee
University
27
host Group (cont’d)
Kyung Hee
University
28
host Group (cont’d)
Kyung Hee
University
29
host Group (2)
 A simple RMON Configuration
agent a
agent b
agent c
Subnetwork X
Interface 1
RMON
Probe
Interface 2
Subnetwork Y
agent d
agent e
K=2
Subnetwork X Iinterface #1; hostControlIndex = 1 has three hosts; hostControlTablesize is
3 (N1 = 3) ; Subnetwork Y has two hosts (N2 = 2)
Kyung Hee
University
30
hostTopN Group
 Used to maintain statistics about the set of hosts on one
subnetwork that top a list based on some parameter
 Driving from data in the host group
 report : set of statistics for host group object on one interface or
subnetwork
 Consisting of one control table and one data table (see Fig. 8.12
and Fig. 8.13)
Kyung Hee
University
31
hostTopN Group (cont’d)
Kyung Hee
University
32
hostTopN Group (cont’d)
Kyung Hee
University
33
hostTopN Group (cont’d)
Specifying particular subnetwork
Kyung Hee
University
34
Matrix Group
 Used to record information about the traffic between pairs of hosts
on a subnetwork
 The information is stored in the form of a matrix
useful for pairwise traffic information, such as finding out which
devices are making the most use of a server
 Consisting of one control table and two data tables (Fig. 8.14)
Kyung Hee
University
35
Matrix Group (cont’d)
Kyung Hee
University
36
Matrix Group (cont’d)
Kyung Hee
University
37