1 Kyung Hee University Prof. Choong Seon HONG Remote Network Monitoring statistics Collection

11Kyung Hee Universit

y

Prof. Choong Seon HONG

Remote Network Monitoring Remote Network Monitoring statistics Collectionstatistics Collection


y

Introduction Introduction Defining a remote monitoring MIB that supplements MIB-II

Providing the network manager with vital information about the internetwork

Providing significant expansion in SNMP functionality

RMON-Related FRCs

RFC 1513 : Token Ring Extensions to the Remote Network Monitoring MIB

RFC 1757 : Remote Network Monitoring Management Information Base

RFC 2021 : Remote Network Monitoring Management Information Base II

RFC 2074 : Remote Network Monitoring MIB Protocol Identifiers

RFC 2613 Remote Network Monitoring MIB Extensions for Switched Networks Version 1.0. (proposed standard) June 1999

RFC 2819 : Remote Network Monitoring Management Information Base, May 2000. (obsolete RFC1757)

RFC 2895 : Remote Network Monitoring MIB Protocol Identifier Reference, August 2000. (obsolete RFC 2074)

RFC 2896 : Remote Network Monitoring MIB Protocol Identifier Macros, August 2000. (informational)


y

Basic ConceptsBasic Concepts

Network monitor, network analyzer, network probe : studying the

traffic on a network

producing summary information, including error statistics and performance statistics

filter : used to limit the number of packets counted or captured, based on packet type or other packet characteristics

Remote monitors : monitors that communicate with a central

network management station


y

RMON GoalsRMON Goals

Defining standard network-monitoring functions and interfaces for communicating between SNMP-based management consoles and remote monitors

Designing Goals for RMON described in RFC 1757

off-line operation : to limit or halt the routine polling of a monitor by network manager

Proactive monitoring : using running diagnostics and logging network performance

Problem detection and reporting

Value-added-data : performing analyses specific to the data collected on its subnetwork

ex) analyzing subnetwork traffic to determine which hosts generate the most traffic or errors on the subnetwork

Multiple managers

for improving reliability for performing different functions (ex, engineering and operations) for providing management capability to different units within an organization


y

RMON Goals (cont’d)RMON Goals (cont’d)

A system that implements the RMON MIB is referred to as an

RMON probe.

no different from any other SNMP agent


y

RMON Goals (cont’d)RMON Goals (cont’d)


y

OID TreeOID Tree

ITU-T(0) iso(1) joint-iso-ITU-T (2)

…. org(3) …..

….. dod(6) …..

….. internet (1) …..

directory(1) …… mgmt(2) …. Experimental(3) private(4)

Mib-2(1) enterprises(1)

system(1) interfaces(2) at(3) ip(4) icmp(5) tcp(6) udp(7) egp(8) cmot(9) transmission(10) snmp(11) Rmon(16)…... ……...


y

Control of Remote MonitorsControl of Remote Monitors

For managing a remote monitor effectively, the RMON MIB

contains features that support extensive control from the

management station

Configuration : the type and form of data to be collected

remote monitor needs to be configured for data collection

Action invocation : by changing the value of the object


y

Table ManagementTable Management

Providing technique for row addition and deletion

Textual conventions

two new data types

OwnerString ::= DisplayStringEntryStatus ::= INTEGER { valid (1),

createRequest (2), underCreation (3), invalid (4) }

Ownerstring : indicating the owner of a row in read-write table in the RMON MIB

Object name ending in Owner

EntryStatus : used in the creation, modification,and deletion of rows

Object name ending in Status


y

Table Management (cont’d)Table Management (cont’d)

General structure used for all control and data tables in the RMON

MIB1 (see Figure 8.2)

Columnar parameter in control table (see Figure 8.3)

rmlControlIndex

rmlControlParameter

rmlControlOwner

rmlControlStatus

Row Addition

using SetRequest PDU

SetRequest variablebindings (see 7.2.1.3)

supporting concurrent table addition attempts from multiple management stations : named the “RMON Polka”


y

Table Management (cont’d)Table Management (cont’d)agent itself is owner

Each row has a unique value


y

Table Management (3)Table Management (3)

RMON Polka’s steps

1) for a management station attempts to create a new row, status object value : createRequest (2)

2) after completing create operation, agent sets the status object value to underCreation (3) : until the management station is finished creating all of the rows that it desires for its configuration

3) after finishing all the rows, setting status object value to Valid (1)

4) if the row already exists or createRequest, an error will be returned

Row Modification and Deletion

By setting the status object value for that row to invalid thru issuing the appropriate SetRequest PDU

Modification : at first, invalidating the row and then providing the row with new parameter values


y

Table Management (4)Table Management (4)

Transition of EntryStatus state

Nonexistent Createrequest

UnderCreation

Valid

Invalid

Performed by managerPerformed by agent


y

RMON MIBRMON MIB RMON MIB Groups

statistics : maintaining low-level utilization and error statistics for each subnetwork monitored by agent

history : recording periodic statistical samples from information available in the statistics group

Alarm : setting a sampling interval and alarm threshold for any counter or integer recorded by the RMON probe

host : containing counters for various types of traffic to and from hosts attached to the subnetwork

hostTopN : containing sorted host statistics that report on the hosts that top a list based on some parameter in the host table

matrix : showing error and utilization information in matrix form

filter : allowing the monitor to observe packets that match a filter

capture : governing how data is sent to a management console

event : giving a table of all events generated by the RMON probe

tokenRing : maintaining statistics and configuration information for token ring subnetworks


y

RMON MIB (cont’d)RMON MIB (cont’d) Remote network monitoring MIB

rmon (mib-2, 16)

statistics (1)

history (2)

alarm (3)

host (4)

hostTopN (5)

matrix (6)

filter (7)

capture (8)

event (9)

tokenRing (10)


y

RMON MIB (cont’d)RMON MIB (cont’d)

RMON II

protocolDir (11)

ProtocolDist (12)

addressMap(13)

nlHost (14)

nlMatrix (15)

alHost (16)

alMatrix (17)

usrHistory (18)

probeConfig (19)

rmonConformance (20)


y

RMON MIB (2)RMON MIB (2)

Some dependencies

alarm group : requiring the implementation of the event group

hostTopN group : requiring the implementation of the host group

packet capture group : requiring the implementation of the filter group


y

StatisticsStatistics Group Group

Providing useful information about the load on a subnetwork and the over

all health of the subnetwork

Containing the basic statistics for each mentioned subnetwork (see Figure

8.6)

etherStatsTable : collecting a variety of counts for each attached subnetw

ork, including byte, packet, error, and frame size counts (see Table 8.2)

Providing much more detail about Ethernet behavior than MIB-II interfaces group

dot3Statstable : collecting statistics for a single system on an ethernet

etherStatsTable : collecting statistics for all systems on an ethernet

read-write objects : etherStatsDataSource, etherStatsOwner, and etherStatsStatus


y

StatisticsStatistics Group (cont’d) Group (cont’d)


y

StatisticsStatistics Group (cont’d) Group (cont’d)


y

historyhistory Group Group

Defining sampling functions for one or more of the interfaces of th

e monitor (See Figure 8.7)

historyControlTable : specifying the interface and the details of the

sampling functions

etherHistoryTable : recording the data

Relationship between the control table and the data table (see Fig.

8.8)


y

historyhistory Group (cont’d) Group (cont’d)


y



y


History table

Identifying the interface


y


etherHistoryUtilization

etherStateOctets and etherStatePkts can be used to measure the utilization of the subnetwork

Utilization = Interval x 107

x 100% (Packets x (96 + 64)) + (Octets x 8)

Interframe-gappreamble

Medium data rate


y

hosthost Group Group

Used for gathering statistics about specific hosts on the LAN

Monitor learns of new hosts on the LAN by observing the source a

nd destination MAC addresses in good packets

Consisting of three tables : one control table and two data tables (

see Fig. 8.9)

relationship between the control table and two data table (Fig 8.11)

Counters in hostTable (Table 8.3)


y

hosthost Group Group


y

hosthost Group (cont’d) Group (cont’d)


y

hosthost Group (cont’d) Group (cont’d)


y

hosthost Group (2) Group (2) A simple RMON Configuration

agent a agent b agent c

RMONProbe

agent d agent e

Subnetwork X

Subnetwork Y

Interface 1

Interface 2

K = 2Subnetwork X Iinterface #1; hostControlIndex = 1 has three hosts; hostControlTablesize is3 (N1 = 3) ; Subnetwork Y has two hosts (N2 = 2)


y

hostTopNhostTopN Group Group

Used to maintain statistics about the set of hosts on one subnetwo

rk that top a list based on some parameter

Driving from data in the host group

report : set of statistics for host group object on one interface or su

bnetwork

Consisting of one control table and one data table (see Fig. 8.12 an

d Fig. 8.13)


y

hostTopNhostTopN Group (cont’d) Group (cont’d)


y



y


Specifying particular subnetwork


y

MatrixMatrix Group Group

Used to record information about the traffic between pairs of hosts

on a subnetwork

The information is stored in the form of a matrix

useful for pairwise traffic information, such as finding out which devices are making the most use of a server

Consisting of one control table and two data tables (Fig. 8.14)


y

MatrixMatrix Group (cont’d) Group (cont’d)


y

MatrixMatrix Group (cont’d) Group (cont’d)

Documents

1 Kyung Hee University Prof. Choong Seon HONG Remote Network Monitoring statistics Collection