remote network monitoring

May 3, 2023 1

Remote Network Monitoring

Speaker: Yousef Emami

December 22th,2013 [email protected]

Shiraz University of Technology,CE&IT Faculty,Network Management

2

Agenda RMON: Remote Network Monitoring RMON1 RMON1 groups The RMON1 MIB Brief Notes Capabilities of RMON1 How Does RMON2 Work? Mission Diagram of the RMON2 MIB The RMON2 MIB Capabilities of RMON2 Salient Feature RMON Components RMON Probe RMON Support in Ethernet switches NAM Traffic Analyzer Case Study RMON 2 in catalyst 5000 HC RMON ATM RMON Monitor Gigabit Communication from the Edge to the Core SMON LoriotPro Reference

May 3, 2023 Shiraz University of Technology,CE&IT Faculty,Network Management

May 3, 2023 3

RMON: Remote Network Monitoring

The most important addition to the basic set of SNMP standards is the RMON (Remote Network MONitoring) standard, RFC 1271.

RMON is a major step forward in internetwork management.

It defines a remote-monitoring MIB that supplements MIB-II and provides the network manager with vital information about the internetwork.

RMON1 focused on OSI Layer 1 and Layer 2 information in Ethernet and Token Ring networks. It has been extended by RMON2 which adds support for Network-and Application-layer monitoring and by SMON (Oracle System MONitor) which adds support for switched networks.


May 3, 2023 4

RMON1

With the RMON1 MIB, network managers can collect information from re-mote network segments for the purposes of troubleshooting and performance Monitoring.

The RMON1 MIB provides:

Current and historical traffic statistics for a network segment, for aspecific host on a segment, and between hosts (matrix).

A versatile alarm and event mechanism for setting thresholds and noti-fying the network manager of changes in network behavior.

A powerful, flexible filter and packet capture facility that can be usedto deliver a complete, distributed protocol analyzer.


May 3, 2023 5

RMON1 groups


May 3, 2023 6

The RMON1 MIB :

1.Statistics: real-time LAN statistics, e.g., utilization, collisions, CRC errors.

2. History: history of selected statistics.

3. Alarm: definitions for RMON SNMP traps to be sent when statistics exceed defined thresholds.

4. Hosts: host specific LAN statistics, e.g., bytes sent/received, frames sent/received.

5. Hosts top N: record of N most active connections over a given time period.

6. Matrix: the sent-received traffic matrix between systems.

7. Filter: defines packet data patterns of interest, e.g., MAC address or TCP port.

8. Capture: collect and forward packets matching the Filter.

9. Event: send alerts (SNMP traps) for the Alarm group.

10. Token Ring: extensions specific to Token Ring.


May 3, 2023 7

Brief Notes An RMON implementation typically operates in a client/server model.

Monitoring devices (commonly called “probes” in this context) contain RMON software agents that collect information and analyze packets. These probes act as servers and the Network Management applications that com-municate with them act as clients.

Probes have more responsibility for data collection and processing, whichreduces SNMP traffic and the processing load of the clients.

Information is only transmitted to the management application when re-quired, instead of continuous polling.


May 3, 2023 8

Brief Notes

RMON is designed for “flow-based” monitoring, while SNMPis often used for “device-based” management.

RMON is similar to other flow-based monitoring technologies such as NetFlow and SFlow because the data collected deals mainly with traffic patterns rather than the status of individual devices.

One disadvantage of this system is that remote devices shoulder more of the management burden and require more resources to do so. Some devices balance this trade-off by implementing only a subset of the RMON MIB groups (see below). A minimal RMON agent implementation could support only statistics, history, alarm, and event.


May 3, 2023 9

Capabilities of RMON1

Without leaving the office, a network manager can watch the traffic ona LAN segment, whether that segment is physically located around thecorner or around the world.

Deploying network management staff resources more efficiently meansthat one expert at a central site can be working on several problems bygetting information from several probes at remote sites.

Network managers desperately need tools that can leverage their re-sources and increase their scope of control. RMON1 does just that.


May 3, 2023 10

How Does RMON2 Work?

RMON2 follows client/server model

Applications communicating to the "server" agents using the Simple Network Management Protocol (SNMP).

RMON2 agents will be found in dedicated devices and/or embedded in network infrastructure devices.

With the increased volume of traffic statistics being collected by RMON2, the processor power and memory of the agent will be very important considerations.


Remote Monitoring in the ISO Model Going Up-the-stack With RMON2

May 3, 2023 Shiraz University of Technology,CE&IT Faculty,Network Management 11

Mission


Diagram of the RMON2 MIB

May 3, 2023Shiraz University of Technology,CE&IT Faculty,Network Management

13

May 3, 2023 14

The RMON2 MIB

1. Protocol Directory: list of protocols the probe can monitor.2. Protocol Distribution: traffic statistics for each protocol.3. Address Map: maps network-layer (IP) to MAC-layer addresses.4. Network-Layer Host: layer 3 traffic statistics, per each host.5. Network-Layer Matrix: layer 3 traffic statistics, per source/destinationpairs of hosts6. Application-Layer Host: traffic statistics by application protocol, per host.7. Application-Layer Matrix: traffic statistics by application protocol, per source/destination pairs of hosts.8. User History: periodic samples of user-specified variables.9. Probe Configuration: remote config of probes.10. RMON Conformance: requirements for RMON2 MIB conformance


LoriotPro Source Destination Matrix


May 3, 2023 16

Capabilities of RMON2

Higher Layer Statistics

Address Translation

User-Defined History

Improved Filtering

Probe Configuration


Salient Feature

The TimeFilter mechanism allows an NMS to reduce the number transactions required for a 'table-update' operation, by retrieving only the rows that have changed since a specified time (usually the last poll time).

No direct way in SNMP, but RMON2 has a mechanism

Value Added Data


RMON Components


RMON Probe Data gatherer :A physical device RMON Probe are built into many high-end switches and routers. Data analyzer Processor that analyzes data

Figure 4:RMON Components

May 3, 2023 19

RMON Probes

The RMON probe also called RMON agent is a dedicated device including hardware or software or it can be software embedded into a network device like a router or a switch.

RMON probe can also be software running on a standard operating system like Windows or Linux. The application and the agent communicate across the network using the Simple Network Management Protocol (SNMP).


May 3, 2023 20

RMON support in the switch

The RMON probe functions may be present (embedded) in the network switches (Ethernet) and provide partial or full support of some RMON groups.


May 3, 2023 21

Port MirroingPort mirroring is used on a network switch to send a copy of all network packets seen on one switch port (or an entire VLAN) to a network monitoring connection on another switch port.


May 3, 2023 Shiraz University of Technology,CE&IT Faculty,Network Management

22

In-line tapsIn-line taps are inserted directly into network link (copper wire or fiber). They split or copy the signals from both channels (full duplex) and retransmit the data streams hack out to the probe.


RMON Support in Ethernet switches

NAM Traffic Analyzer

The Network Analysis Module (NAM) is an interface card installed in the Catalyst 6000 and 6500 Series switches and Cisco 3660, 3700 Series, 2800 and 3800 Series routers, and select models of the 2600. The NAM monitors and analyzes network traffic using remote monitoring (RMON), RMON Extensions for Switched Networks (SMON), and other management information bases (MIBs).

The NAM Traffic Analyzer is software that is embedded in the NAM that gives you browser-based access to the RMON1, RMON2, SMON, and voice monitoring features of the NAM.


Case Study

Catalyst 5000 Family Network Analysis Module

Fully Integrated RMON/RMON2

The network analysis module is completely integrated into the Catalyst 5000 Family switch and shares the switch’s management IP address and Simple Network Management Protocol (SNMP) community strings for seamless access between mini-RMON and the extended RMON/RMON2 groups on the network analysis module.

No external data cables, power cords, or console connections are required. The network analysis module consumes a single slot and can be installed into any Catalyst 5000, 5500,5505, or 5509 chassis running Supervisor Engine software release 4.3 or higher


RMON 2 in catalyst 5000


High-Capacity RMON

The HCRMON system provides:

A direct, passive link into the data stream, offering an independent,proven, and trusted view of network traffic.

Full adherence to all 21 RMON groups, including HCRMON for complete data collection.

Compatibility to any RMON management console or collection facility


ATM RMON ATM Forum extended RMON to ATM ATM RMON provides cell-based (per-host and per-conversation) traffic information. ATM devices require cell-based measurements and statistics. Probe should be able to handle high speed


Monitor Gigabit Communication from the Edge to the Core


RMON Extensions for Switched Networks (SMON)

SMON is a plug-in for hosts ,operating systems and hardware.

The System Monitoring Plug-in for Hosts for Operating System and Hardware delivers comprehensive monitoring, administration and configuration management capabilities for Windows, Linux and Unix servers, significantly reducing the complexity and cost associated with managing operating system environments.


LoriotPro RMON

Group Description

Protocol Directory Lists the inventory of protocols that the probe can monitor

Protocol Distribution Collects the number of octets and packets for protocols detected on a network segment

Network Layer Host Counts the amount of traffic sent from and to each network address discovered by the probe

Network Layer Matrix Counts the amount of traffic sent between each pair of network addresses discovered by the probe

Application Layer Host Counts the amount of traffic, by protocol, sent from and to each network address discovered by the probe

Application Layer MatrixCounts the amount of traffic, by protocol, sent between each pair of network addresses discovered by the probe

User History Periodically samples user-specified variables and logs the data based on user-defined parameters

Probe Configuration Defines standard configuration parameters for RMON probes

Address Map


May 3, 2023 33

Thank you for your kind attention

?


May 3, 2023

Reference

[1] Jianguo Ding ,”Advances in Network Management”, Auerbach Publications,2013

[2] Remote Monitoring 2, http://tools.ietf.org/html/draft-ietf-rmonmib-rmon2-v2-05,2013

[3] Catalyst 5000 Family Network Analysis Module

http://www.cisco.com/en/US/products/hw/switches/ps679/products_data_sheet09186a008072ad96.htm l,2013[4] User Guide for Cisco Network Analysis Module Traffic Analyzer, http://

www.cisco.com/en/US/docs/net_mgmt/network_analysis_module_software/3.6/user/guide/users.html ,2013

[5] SMON ,http://docs.oracle.com/cd/B16240_01/doc/nav/plugins.html,2103

[6] Remote Monitoring MIB Extensions for ATM Networks, http://www.broadband-forum.org/,2013

[7] RMON GUI - Remote network MONitoring Administrator handbook http://www.loriotpro.com/Products/RMON_GUI/225-RMON_Probes_EN.html,2013

[8] Gigabit Network Analysis , www.networkinstruments.co.uk,2013

Shiraz University of Technology,CE&IT Faculty,Network Management 34

http://tools.ietf.org/html/draft-ietf-rmonmib-rmon2-v2-05,2013

http://www.cisco.com/en/US/products/hw/switches/ps679/products_data_sheet09186a008072ad96.html,2013






http://www.cisco.com/en/US/docs/net_mgmt/network_analysis_module_software/3.6/user/guide/users.html,2013




http://docs.oracle.com/cd/B16240_01/doc/nav/plugins.htm

http://docs.oracle.com/cd/B16240_01/doc/nav/plugins.html





http://www.broadband-forum.org/,2013

http://www.broadband-forum.org/,2013

http://www.loriotpro.com/Products/RMON_GUI/225-RMON_Probes_EN.html,2013

http://www.loriotpro.com/Products/RMON_GUI/225-RMON_Probes_EN.html,2013