New features in RMON2
Download
Report
Transcript New features in RMON2
New features in RMON2 (1)
Indexing with external objects
Reduce index object in data table
No columnar object that indicates to which
control row this data row belongs
EX1. To access instance of the data entry in
RMON 1 Vs RMON2
Rm1datavalue.Rm1controlindex.Rm1dataindex
Rm2datavalue.X.Y – X,Y external object
X – the value of index in control table
Y – the position to access in data table
New features in RMON2 (2)
Time filtering Indexing
Common function – a network management
app is periodically to poll all probes for the
values of objects
“It is desirable to have the probe return values
only for those objects whose value have
changed since the last poll”
No direct way in SNMP, but RMON2 has a
mechanism
Example of time filtering
FooTable
fooTable (1)
fooEntry (1)
fooTimeMark (1)
fooIndex (2)
fooCount (3)
EX1. Time filtering
Suppose fooTable has 2 values of index –
1,2
If no fooTimeMark , a management station
can see only two counter
With fooTimeMark, it is possible to request
the values of these counter only if they have
been updated since a given time
For example, current value of the counter
associated with fooIndex = 1 is 5 and most
recently updated at time 6
Also, the current value of the counter
associated with fooIndex=2 is 9 and most
recently updated at time 8
Then, at time 10, a manager issues the
request
GetRequest(fooCounts.7.1, fooCounts.7.2)
To get the value updated since time 7
The agent will response fooCounts.7.2=9
EX2. Time Filtering
Assume that basic row 1 (fooIndex=1) was updated
as follows:
sysUptime
fooCount.*.1value
500
1
900
2
2300
3
Assume that basic row 2 (fooIndex=2) was
updated as follows:
sysUptime
fooCount.*.2value
1100
1
1400
2
A manager station polls a probe every 15 seconds
(clock nms records time in hundredths of second)
1 At nms=1000, the manager does the baseline poll to
get everything since the last agent restart (Timefilter
=0)
GetRequest (sysUpTime.0,fooCounts.0.1,fooCount.0.2)
Response(sysUpTime.0=600,fooCounts.0.1=1,fooCount.0.2=0)
2 At nms=2500 (15 second later), the manager get an
update on all changes since the last report (agent
time=600)
GetRequest (sysUpTime.0, fooCounts.600.1, fooCount.600.2)
Response(sysUpTime.0=2100,fooCounts.600.1=2,fooCount.600.2
=2)
The agent received the request at a local time of 2100 ; a counter
1 was incremented at time 900 counter 2 was incremented at
1100 and 1400
3
At nms=4000, the manager get an update on all
changes since the last report (agent time=2100)
GetRequest (sysUpTime.0, fooCounts.2100.1, fooCount.2100.2)
Response(sysUpTime.0=3600,fooCounts.2100.1=3)
A counter 1 was incremented at time 2300 counter 2 has not
changed since 2100 , so no value returned
4
At nms=5500, the manager get an update on
all changes since the last report (agent
time=3600)
GetRequest (sysUpTime.0, fooCounts.3600.1,
fooCount.3600.2)
Response(sysUpTime.0=5500,)
Neither counter has been updated since time 3600 , so
no value returned
Protocol Directory Group
To address a key difficulty in remote
monitoring of protocol traffic above the MAC
layer
It provides a single central point for storing
information about types of protocols
One entry in the table for each protocol for
which the probe can decode and count
protocol data unit (PDU)
It cover MAC, network and higher layer
protocol
protocolDir Table
Fig 10.5
Protocol identification
protocolDirID object contains a unique octet
string for a specific protocol.
Octet string identifiers for protocols are
arranged in a tree structured.
Each layer is identified by 32 bit value which is
encoded as dot decimal format [a.b.c.d]
EX. Ethernet is hexadecimal 1 which is encoded
as [0.0.0.1] and referred to symbolically as
ether2
Protocol Assignments
Each layer is identified by a 32 bit number (four octets)
For MAC level protocols
ether2 = 1 [0.0.0.1]
llc = 2 [0.0.0.2]
snap = 3 [0.0.0.3]
vsnap = 4 [0.0.0.4]
ianaAssigned = 5 [0.0.0.5]
Ex. network layer, use type field of Ethernet frame (IP
=0.0.8.0) transport layer, use protocol field of IP header
(UDP = 0.0.0.17) and application layer, use port field of
UDP/TCP header (0.0.0.161)
Identification of SNMP running over UDP/IP on Ethernet
16.0.0.0.1.0.0.8.0.0.0.0.17.0.0.0.161
Entry in protocolDirEntry
If probe is needed for
interpreting all ethernet frames/IP datagram/UDP
segment/ SNMP PDU
Ether2 (4.0.0.0.1)
Ether2.ip (8.0.0.1.0.0.8.0)
Ether2.ip.udp (12.0.0.0.1.0.0.8.0.0.0.0.17)
Ether2.ip.udp.snmp
(16.0.0.0.1.0.0.8.0.0.0.0.17.0.0.0.161)
Format of index values for
protocolDirTable
Protocol parameter
It contains information about the probe’s
capability with the respect to a particular
protocol
The value is structured as a one-octet count
field followed by a set of N-octet parameters,
one for each protocol layer
Each bit in the parameter octet is encoded
separately to define a particular capability , 2
LSB are reserved for all protocols
CountFragment (bit0) – counted if higher layer
PDU is fragmented
tracksSessions (bit1) – attributes all packets of a
port-mapped protocol (start session on a wellknown port then transfer to dynamically assigned
ports)
SNMP UDP/IP with fragments counted for IP or
above
16.0.0.0.1.0.0.8.0.0.0.0.17.0.0.0.161.4.0.1.0.0
protocolDirType –
extensible(0) may extend this table by creating entries that
are children of this protocol
addressRecognitionCapable(1) indicates that the probe can
also recognize source and destination address fields for
finer-grained counting
protocolDirAddressMapConfig
protocolDirHostConfig
protocolDirMatrixConfig
All 3 columns may be set to notSupported (1)
/supportedOff(2) /supportedON (3)
Protocol distribution Group
It summarizes how many octets and packets
have been sent from each of the protocols
supported
protocolDistControlTable – controls collection
of basic statistics
protocolDistStatsTable – record the data
Address Map Group
It matches each network address to a specific
MAC-level address
It is helpful in node discovery and network
topology applications for pinpointing the
specific path of the network traffic
3 scalars objects, one control table
(addressMapControlTable) and one data table
(addressMapTable)
Fig 10.9
Network-layer and Application
layer Host group
nlHost group enables users to decode
packets based on their network-layer
address
alHost group enables users to decode
packets based on their network-layer
address
Fig 10.11
nlMatrix group
Statistical collection of information based on source
and destination network address
nlMatrixSDTable/ nlMatrixDSTable
nlMatrixSDPkts – the number of packets from SRC. To DST
nlMatrixSDOctets – the number of octets from SRC. to DST
nlMatrixTopNtable
nlMatrixTopNPktRate – the number of packets seen from
source host to destination host during this sampling
interval
nlMatrixTopNReversePktRate – same as above (Destination
to source)
Fig 10.12
alMatrix Group
Statistical collection of information based on source
and destination application address (port number)
alMatrixSDTable/ alMatrixDSTable
alMatrixDSPkts – the number of packets from Src. To Dst.
alMatrixDSOctets – the number of octets from Src. To Dst.
alMatrixTopNtable
alMatrixTopNPktRate – the number of packets seen from
source host to destination host during this sampling
interval
alMatrixTopNReversePktRate – same as above (Destination
to source)
Fig 10.14
Fig 10.15
User history collection group
Collect particular statistics and variables then
logs that data based on user-defined
parameters
Probe configuration group
To solve interoperability among RMON probe
and managers