You are on page 1of 4

What is RMON?

RMON is the common abbreviation for Remote Monitoring, a system defined by the IETF that allows you to monitor the traffic of LANs or VLANs remotely. RMON (Remote Network Monitoring) provides standard information that a network administrator can use to monitor, analyze, and troubleshoot a group of local area networks (LANs) from central location. Remote Monitoring (RMON) is an extension to the SNMP MIB, and includes two versions - RMON and RMON 2.

Goals of RMON Offline Operation: There are sometimes conditions when a management station will not be in constant contact with its remote monitoring devices. Proactive Monitoring : Continuously run diagnostics and log network performance and notify the management station of the failure and store historical statistical information about the failure Problem Detection and Reporting : The monitor can be configured to recognize conditions, most notably error conditions, and to continuously check for them. When one of these conditions occurs, the event may be logged, and management stations may be notified in a number of ways.

Versions of RMON RMON1It defines 10 MIB groups for basic monitoring. It allows network monitoring at MAC layer or below RMON1 was only capable of providing information up to the MAC level, RMON2This is an extension of RMON 1 that focuses on higher layers of traffic above the MAC layer It has an emphasis on IP traffic and application level traffic It allows network management applications to monitor packets on all network layers. RMON 2 is capable of monitoring traffic up to the application level. Components of RMON A typical RMON setup consists of two components: The RMON probe An intelligent, remotely-controlled device or software agent that

continually collects statistics about a LAN segment or VLAN, and transfers the information to a management workstation on request or when a pre-defined threshold is crossed. It collects information according to the traffic that passes through it, providing information about the health of the network itself, rather than a particular device.

The management workstation - Communicates with the RMON probe and collects the statistics from it. The workstation does not have to be on the same network as the probe and can manage the probe by in-band or out-of-band connections. Reference:

Protocol Structure - RMON: Remote Monitoring MIBs(RMON1 and RMON2) The RMON1 and RMON2 are focused at different network layers:

RMON1 Groups & Functions RMON Groups RMON delivers information in nine RMON groups of monitoring elements, each providing specific sets of data to meet common network-monitoring requirements. Statistics The Statistics group provides traffic and error statistics showing packets, bytes, broadcasts, multicasts and errors on a LAN segment or VLAN

Alarms The Alarms group provides a mechanism for setting thresholds and sampling intervals to generate events on any RMON variable. Alarms are used to inform you of network performance problems and they can trigger automated responses through the Events group. Hosts The Hosts group specifies a table of traffic and error statistics for each host (end station) on a LAN segment Matrix The Matrix group shows the amount of traffic and number of errors between pairs of devices on a LAN segment

Events The Events group provides you with the ability to create entries in an event log and send SNMP traps to the management workstation Filters Enables packets to be matched by a filter equation Working of the RMON

Setup: FDDI Backbone network with a local Ethernet LAN, two remote LANS, one is a token ring LAN and the other an FDDI Lan. NMS is on the the local Ethernet LAN Monitoring Ethernet Local LAN is monitored by the Ethernet probe on the LAN. The FDDI backbone is monitored by an FDDI probe via the bridge and Ethernet LAN. Token Rink is monitored by the token ring probe The FDDI LAN is monitored by the built in probe on the router. Both the remote LANs communicate with the NMS via the routers, the WAN and the backbone network,

Working RMON devices monitors the local network segment & does the necessary analyses and informs the NMS only when there are exceptions or NMS requests for some info. This reduces the traffic especially on the segment in which the NMS resides, as all the monitoring traffic would otherwise converge there. Common management information protocol

The common management information protocol (CMIP) is a protocol for network management. It provides an implementation for the services defined by CMIS(Common Management Information Service Element ) allowing communication between network management applications and management agents. Management operation services M-CREATE - Create an instance of a managed object M-DELETE - Delete an instance of a managed object M-GET - Request managed object attributes (for one object or a set of objects) M-CANCEL-GET - Cancel an outstanding GET request M-SET - Set managed object attributes M-ACTION - Request an action to be performed on a managed object

Network management based on the CMIP/CMIS