Remote Network Monitoring (RMON)
J. Won-Ki Hong Dept. of Computer Science and Engineering POSTECH Tel: 054-279-2244 Email: jwkhong@postech.ac.kr

Table of Contents
• Basic Concepts
• RMON Goals
• RMON MIB Table Management
• RMON MIB Groups
• RMON2
POSTECH DP&NM Lab

RMON Basic Concepts
• Extends the SNMP functionality without changing the protocol
• Allows the monitoring of remote networks (internetwork management)
• MAC-layer (layer 2 in OSI) monitoring
• Defines a Remote MONitoring (RMON) MIB that supplements MIB-II
  – with MIB-II, the manager can obtain information on individual devices only
  – with RMON MIB, the manager can obtain information on the LAN as a whole
• called network monitors, analyzers or probes

RMON RFCs
RFC 11 11 11 11 Date Title Sept. 1111 Remote Network Monitoring Management Information Base Version1 using SMIv (RMON MIB) 1 1 4 11 11 . 1111 Remote Network Monitoring Management Information Base (RMON MIB) Jan. 1111 Token Ring Extensions to the Remote Network Monitoring MIB Feb.

RMON Goals
• Monitoring subnetwork-wide behavior
• Reducing the burden on agents and managers
• Continuous off-line monitoring in the presence of failures (in network or manager)
• Proactive monitoring
  – perform some of the manager functions (e.g., diagnostics)
• Problem detection and reporting
• Provide value-added (analyzed) data
• Support multiple managers

Example Configuration for Remote Monitoring
[Figure: network diagram. Labelled elements: central site with a management console with RMON probe on an Ethernet; local management console with RMON probe; routers; bridges; FDDI backbone; Ethernet and Token Ring LANs; PCs with RMON probe; router with RMON probe.]

Example of RMON probe with two interfaces
[Figure: an RMON probe attached through Interface 1 and Interface 2 to Subnetwork X and Subnetwork Y, which carry agents a, b, c, d and e.]

Control of Remote Monitors
• RMON MIB contains features that support extensive control from NMS
  – Configuration control
  – Action invocation
• RMON MIB is organized into a number of functional groups
• Each group may contain one or more control tables and one or more data tables
• Control table (typically read-write) contains parameters that describe the data in a data table (typically read-only)

Configuration Control
• At configuration time, NMS sets the appropriate control parameters to configure the remote monitor to collect the desired data
  – the parameters are set by adding a new row to the control table or by modifying an existing row
  – a control table may contain objects that specify the source of data to be collected, the type of data, the collection timing, etc.
• To modify or disable a particular data collection function:
  – it is necessary first to invalidate the control row
  – this causes the deletion of that row and the deletion of all associated rows in data tables
  – NMS can create a new control row with the modified parameters

RMON MIB Table Mgmt (1)
• The RMON specification includes a set of textual conventions and procedural rules for row addition and deletion
• Textual conventions
  OwnerString ::= DisplayString
  EntryStatus ::= INTEGER { valid (1), createRequest (2), underCreation (3), invalid (4) }

RMON MIB Table Mgmt (2)
• Row Addition
  – is achieved by using the SNMP SetRequest PDU which includes instance objects and their values
• Row Deletion
  – is achieved by setting the status object for that row to invalid
• Row Modification
  – is achieved by first invalidating the row and then adding the row with new object instance values

Example Control & Data Tables

rm1ControlTable
rm1ControlIndex   rm1ControlParameter   rm1ControlOwner   rm1ControlStatus
1                 5                     monitor           valid (1)
2                 26                    manager alpha     valid (1)
3                 19                    manager beta      valid (1)

rm1DataTable
rm1DataControlIndex   rm1DataIndex   rm1DataValue
1                     1              46
2                     1              96
2                     2              85
2                     3              77
2                     4              27
2                     5              92
3                     1              86
3                     2              26

Transitions of EntryStatus State
[Figure: state diagram with the states nonexistent, createRequest, underCreation, valid and invalid; each transition is marked as performed by manager or performed by agent.]
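The row addition, deletion and modification rules above, combined with the EntryStatus states, as an added Python sketch (not part of the original slides and not code from any RMON agent). `Rm1Probe`, `add_row` and `modify_row` are hypothetical names, and the transition rules are one reading of the state diagram: the manager sets createRequest, valid and invalid, and the agent moves a new row to underCreation.

```python
VALID, CREATE_REQUEST, UNDER_CREATION, INVALID = 1, 2, 3, 4  # EntryStatus values

class Rm1Probe:
    """Hypothetical in-memory probe with rm1ControlTable and rm1DataTable."""
    def __init__(self):
        self.control = {}  # rm1ControlIndex -> {"parameter", "owner", "status"}
        self.data = {}     # (rm1DataControlIndex, rm1DataIndex) -> rm1DataValue

    def set_status(self, index, status, owner=None):
        """Manager SetRequest on rm1ControlStatus for one control row."""
        row = self.control.get(index)
        if row is None and status == CREATE_REQUEST:
            # Agent creates the row and moves it to underCreation itself.
            self.control[index] = {"parameter": None, "owner": owner,
                                   "status": UNDER_CREATION}
        elif row and status == INVALID:
            # Deletion cascades to every data row tied to this control row.
            del self.control[index]
            self.data = {k: v for k, v in self.data.items() if k[0] != index}
        elif (row and status == VALID and row["status"] == UNDER_CREATION
              and row["parameter"] is not None):
            row["status"] = VALID
        else:
            raise ValueError("transition not allowed")

    def set_parameter(self, index, value):
        """Writable only while underCreation; a valid row must be re-created."""
        row = self.control.get(index)
        if row is None or row["status"] != UNDER_CREATION:
            raise ValueError("invalidate the row and re-create it to modify")
        row["parameter"] = value

    def collect(self, index, value):
        """Agent side: store a sample only for a valid control row."""
        if self.control.get(index, {}).get("status") == VALID:
            n = 1 + sum(1 for k in self.data if k[0] == index)
            self.data[(index, n)] = value

def add_row(probe, index, parameter, owner):
    """Row addition as three manager sets: createRequest, columns, valid."""
    probe.set_status(index, CREATE_REQUEST, owner)
    probe.set_parameter(index, parameter)
    probe.set_status(index, VALID)

def modify_row(probe, index, parameter):
    """Row modification: invalidate (dropping its data rows), then add again."""
    owner = probe.control[index]["owner"]
    probe.set_status(index, INVALID)
    add_row(probe, index, parameter, owner)
```

Calling `modify_row` on a row that has collected samples leaves the data table empty for that index, which is why a manager that needs the old samples has to read them before changing a control parameter.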

RMON MIB
rmon (mib-2 16)
  statistics (1)
  history (2)
  alarm (3)
  host (4)
  hostTopN (5)
  matrix (6)
  filter (7)
  capture (8)
  event (9)
  tokenRing (10)

RMON MIB Groups
1. statistics: maintains MAC-level utilization and error stats
2. history: records periodic statistical samples from the stats group
3. alarm: allows NMS to set sampling interval & alarm threshold
4. host: contains counters for traffic from hosts on the subnetwork
5. hostTopN: contains sorted host stats that top a list based on some parameter in the host table
6. matrix: shows utilization and error stats in matrix for host pairs
7. filter: allows the monitor to observe packets that match a filter
8. capture: specifies how data is sent to NMS
9. event: specifies events to be generated by the RMON probe
10. tokenRing: maintains stats & config info for token ring subnet

RMON MIB2
• RMON MIB monitors MAC-level subnet traffic
• RMON MIB2 can monitor traffic of packets at layers 3 to 7 of the OSI Reference Model
• Provides Network-layer Visibility
  – can distinguish between local LAN and remote LAN traffic
• Provides Application-layer Visibility
  – can analyze traffic to and from hosts for particular applications
  – can determine which applications are putting the load on the net
• RMON MIB2 is basically an extension of RMON MIB

RMON MIB2
rmon (mib-2 16)
  RMON 1
    statistics (1)
    history (2)
    alarm (3)
    host (4)
    hostTopN (5)
    matrix (6)
    filter (7)
    capture (8)
    event (9)
    tokenRing (10)
  RMON 2
    protocolDir (11)
    protocolDist (12)
    addressMap (13)
    nlHost (14)
    nlMatrix (15)
    alHost (16)
    alMatrix (17)
    usrHistory (18)
    probeConfig (19)

RMON MIB2 Groups
11. protocolDir: a master directory of all of the protocols that the probe can interpret
12. protocolDist: aggregate stats on the amount of traffic generated by each protocol, per LAN segment
13. addressMap: contains MAC and port addresses of the devices
14. nlHost: network layer traffic stats per host
15. nlMatrix: network layer traffic stats per pairs of hosts
16. alHost: application layer traffic stats per host
17. alMatrix: application layer traffic stats per pairs of hosts
18. usrHistory: periodically samples and logs user-defined data
19. probeConfig: defines standard configuration parameters for RMON probes

Summary
• RMON extends the SNMP functionality without changing the protocol
• RMON can monitor information on a whole subnetwork
• RMON is used extensively in analyzing network traffic for problem detection and network planning
• RMON2 allows monitoring of traffic at layers 3 to 7 in the OSI Model
• RMON2 can be used to analyze network traffic more accurately even to the application level
• Read Chapters 8, 9 and 10

