New features in RMON2

Download Report

Transcript New features in RMON2

New features in RMON2 (1)

Indexing with external objects





Reduce index object in data table
No columnar object that indicates to which
control row this data row belongs
EX1. To access instance of the data entry in
RMON 1 Vs RMON2
Rm1datavalue.Rm1controlindex.Rm1dataindex
Rm2datavalue.X.Y – X,Y external object


X – the value of index in control table
Y – the position to access in data table
New features in RMON2 (2)




Time filtering Indexing
Common function – a network management
app is periodically to poll all probes for the
values of objects
“It is desirable to have the probe return values
only for those objects whose value have
changed since the last poll”
No direct way in SNMP, but RMON2 has a
mechanism
Example of time filtering
FooTable
fooTable (1)
fooEntry (1)
fooTimeMark (1)
fooIndex (2)
fooCount (3)
EX1. Time filtering




Suppose fooTable has 2 values of index –
1,2
If no fooTimeMark , a management station
can see only two counter
With fooTimeMark, it is possible to request
the values of these counter only if they have
been updated since a given time
For example, current value of the counter
associated with fooIndex = 1 is 5 and most
recently updated at time 6





Also, the current value of the counter
associated with fooIndex=2 is 9 and most
recently updated at time 8
Then, at time 10, a manager issues the
request
GetRequest(fooCounts.7.1, fooCounts.7.2)
To get the value updated since time 7
The agent will response fooCounts.7.2=9
EX2. Time Filtering

Assume that basic row 1 (fooIndex=1) was updated
as follows:
sysUptime
fooCount.*.1value
500
1
900
2
2300
3

Assume that basic row 2 (fooIndex=2) was
updated as follows:
sysUptime
fooCount.*.2value
1100
1
1400
2
A manager station polls a probe every 15 seconds
(clock nms records time in hundredths of second)
1 At nms=1000, the manager does the baseline poll to
get everything since the last agent restart (Timefilter
=0)

GetRequest (sysUpTime.0,fooCounts.0.1,fooCount.0.2)
Response(sysUpTime.0=600,fooCounts.0.1=1,fooCount.0.2=0)
2 At nms=2500 (15 second later), the manager get an
update on all changes since the last report (agent
time=600)
GetRequest (sysUpTime.0, fooCounts.600.1, fooCount.600.2)
Response(sysUpTime.0=2100,fooCounts.600.1=2,fooCount.600.2
=2)
The agent received the request at a local time of 2100 ; a counter
1 was incremented at time 900 counter 2 was incremented at
1100 and 1400
3
At nms=4000, the manager get an update on all
changes since the last report (agent time=2100)
GetRequest (sysUpTime.0, fooCounts.2100.1, fooCount.2100.2)
Response(sysUpTime.0=3600,fooCounts.2100.1=3)
A counter 1 was incremented at time 2300 counter 2 has not
changed since 2100 , so no value returned
4
At nms=5500, the manager get an update on
all changes since the last report (agent
time=3600)
GetRequest (sysUpTime.0, fooCounts.3600.1,
fooCount.3600.2)
Response(sysUpTime.0=5500,)
Neither counter has been updated since time 3600 , so
no value returned
Protocol Directory Group




To address a key difficulty in remote
monitoring of protocol traffic above the MAC
layer
It provides a single central point for storing
information about types of protocols
One entry in the table for each protocol for
which the probe can decode and count
protocol data unit (PDU)
It cover MAC, network and higher layer
protocol
protocolDir Table

Fig 10.5
Protocol identification


protocolDirID object contains a unique octet
string for a specific protocol.
Octet string identifiers for protocols are
arranged in a tree structured.


Each layer is identified by 32 bit value which is
encoded as dot decimal format [a.b.c.d]
EX. Ethernet is hexadecimal 1 which is encoded
as [0.0.0.1] and referred to symbolically as
ether2
Protocol Assignments


Each layer is identified by a 32 bit number (four octets)
For MAC level protocols







ether2 = 1 [0.0.0.1]
llc = 2 [0.0.0.2]
snap = 3 [0.0.0.3]
vsnap = 4 [0.0.0.4]
ianaAssigned = 5 [0.0.0.5]
Ex. network layer, use type field of Ethernet frame (IP
=0.0.8.0) transport layer, use protocol field of IP header
(UDP = 0.0.0.17) and application layer, use port field of
UDP/TCP header (0.0.0.161)
Identification of SNMP running over UDP/IP on Ethernet

16.0.0.0.1.0.0.8.0.0.0.0.17.0.0.0.161
Entry in protocolDirEntry

If probe is needed for





interpreting all ethernet frames/IP datagram/UDP
segment/ SNMP PDU
Ether2 (4.0.0.0.1)
Ether2.ip (8.0.0.1.0.0.8.0)
Ether2.ip.udp (12.0.0.0.1.0.0.8.0.0.0.0.17)
Ether2.ip.udp.snmp
(16.0.0.0.1.0.0.8.0.0.0.0.17.0.0.0.161)
Format of index values for
protocolDirTable
Protocol parameter



It contains information about the probe’s
capability with the respect to a particular
protocol
The value is structured as a one-octet count
field followed by a set of N-octet parameters,
one for each protocol layer
Each bit in the parameter octet is encoded
separately to define a particular capability , 2
LSB are reserved for all protocols




CountFragment (bit0) – counted if higher layer
PDU is fragmented
tracksSessions (bit1) – attributes all packets of a
port-mapped protocol (start session on a wellknown port then transfer to dynamically assigned
ports)
SNMP UDP/IP with fragments counted for IP or
above
16.0.0.0.1.0.0.8.0.0.0.0.17.0.0.0.161.4.0.1.0.0

protocolDirType –





extensible(0) may extend this table by creating entries that
are children of this protocol
addressRecognitionCapable(1) indicates that the probe can
also recognize source and destination address fields for
finer-grained counting
protocolDirAddressMapConfig
protocolDirHostConfig
protocolDirMatrixConfig

All 3 columns may be set to notSupported (1)
/supportedOff(2) /supportedON (3)
Protocol distribution Group



It summarizes how many octets and packets
have been sent from each of the protocols
supported
protocolDistControlTable – controls collection
of basic statistics
protocolDistStatsTable – record the data
Address Map Group



It matches each network address to a specific
MAC-level address
It is helpful in node discovery and network
topology applications for pinpointing the
specific path of the network traffic
3 scalars objects, one control table
(addressMapControlTable) and one data table
(addressMapTable)

Fig 10.9
Network-layer and Application
layer Host group


nlHost group enables users to decode
packets based on their network-layer
address
alHost group enables users to decode
packets based on their network-layer
address

Fig 10.11
nlMatrix group


Statistical collection of information based on source
and destination network address
nlMatrixSDTable/ nlMatrixDSTable



nlMatrixSDPkts – the number of packets from SRC. To DST
nlMatrixSDOctets – the number of octets from SRC. to DST
nlMatrixTopNtable


nlMatrixTopNPktRate – the number of packets seen from
source host to destination host during this sampling
interval
nlMatrixTopNReversePktRate – same as above (Destination
to source)

Fig 10.12
alMatrix Group


Statistical collection of information based on source
and destination application address (port number)
alMatrixSDTable/ alMatrixDSTable



alMatrixDSPkts – the number of packets from Src. To Dst.
alMatrixDSOctets – the number of octets from Src. To Dst.
alMatrixTopNtable


alMatrixTopNPktRate – the number of packets seen from
source host to destination host during this sampling
interval
alMatrixTopNReversePktRate – same as above (Destination
to source)

Fig 10.14

Fig 10.15

User history collection group


Collect particular statistics and variables then
logs that data based on user-defined
parameters
Probe configuration group

To solve interoperability among RMON probe
and managers