23-04-2010, 02:22 PM
[attachment=3354]
RMON:Remote Monitoring
Presented By:
Presented by:
Ambily
Asha
Rashmi
Shruthi
Problem Statement
Slowness issue
5 resources per location-24X7 monitoring
Manual monitoring
No continuous monitoring of the network
No proactive alerting mechanism
Manual analysis
Trend analysis
Performance finetuning
What is RMON?
RMON is the common abbreviation for Remote Monitoring, a system defined by the IETF that allows you to monitor the traffic of LANs or VLANs remotely.
RMON (Remote Network Monitoring) provides standard information that a network administrator can use to monitor, analyze, and troubleshoot a group of local area networks (LANs) from central location.
Remote Monitoring (RMON) is an extension to the SNMP MIB, and includes two versions “ RMON and RMON 2.
MIB - A Management Information Base (MIB) is a collection of information that is organized hierarchically. MIBs are accessed using a network-management protocol such as SNMP. They are comprised of managed objects and are identified by object identifiers.
Goals of RMON
RMONâ„¢s primary goal is to provide information relating to network errors and utilization. RMON data is gathered as part of ten different monitoring groups.
Offline Operation:
There are sometimes conditions when a management station will not be in constant contact with its remote monitoring devices. Probes will perform diagnostics and to collect statistics continuously, even when communication with the management station may not be possible or efficient
Proactive Monitoring :
Continuously run diagnostics and log network performance and notify the management station of the failure and store historical statistical information about the failure.
Problem Detection and Reporting :
The monitor can be configured to recognize conditions, most notably error conditions, and to continuously check for them. When one of these conditions occurs, the event may be logged, and management stations may be notified in a number of ways.
Value Added Data :
Highlighting those hosts on the network that generate the most traffic or errors, the probe can give the management station precisely the information it needs to solve a class of problems.
Versions of RMON
RMON was originally developed to address the problem of managing LAN segments and remote sites from a Central Location
There are two versions of RMON, RMON 1 & RMON 2:
RMON1-
It defines 10 MIB groups for basic monitoring.
It allows network monitoring at MAC layer or below
RMON1 was only capable of providing information up to the MAC level,
RMON2-
This is an extension of RMON 1 that focustes on higher layesrs of traffic above the MAC layer
It has an emphasis on IP traffic and application level traffic
It allows network management applications to monitor packets on all network layers.
RMON 2 is capable of monitoring traffic up to the application level.
Components of RMON
A typical RMON setup consists of two components:
The RMON probe “ An intelligent, remotely-controlled device or software agent that continually collects statistics about a LAN segment or VLAN, and transfers the information to a management workstation on request or when a pre-defined threshold is crossed.
It collects information according to the traffic that passes through it, providing information about the health of the network itself, rather than a particular device.
The management workstation - Communicates with the RMON probe and collects the statistics from it. The workstation does not have to be on the same network as the probe and can manage the probe by in-band or out-of-band connections.
RMON1 Groups & Functions
RMON Groups
RMON delivers information in nine RMON groups of monitoring elements, each providing specific sets of data to meet common network-monitoring requirements.
Statistics
The Statistics group provides traffic and error statistics showing packets, bytes, broadcasts, multicasts and errors on a LAN segment or VLAN. Information from the Statistics group is used to detect changes in traffic and error patterns in critical areas of your network.
History
The History group provides historical views of network performance by taking periodic samples of the counters supplied by the Statistics group. The group is useful for analyzing the traffic patterns and trends on a LAN segment or VLAN, and for establishing the normal operating parameters of your network.
Alarms
The Alarms group provides a mechanism for setting thresholds and sampling intervals to generate events on any RMON variable. Alarms are used to inform you of network performance problems and they can trigger automated responses through the Events group.
Hosts
The Hosts group specifies a table of traffic and error statistics for each host (endstation) on a LAN segment or VLAN. Statistics include packets sent and received, octets sent and received, as well as broadcasts, multicasts, and error packets sent. The group supplies a list of all hosts that have transmitted across the network.
Hosts Top N
The Hosts Top N group extends the Hosts table by providing sorted host statistics, such as the top 20 hosts sending packets or an ordered list of all hosts according to the errors they sent over the last 24 hours.
Matrix
The Matrix group shows the amount of traffic and number of errors between pairs of devices on a LAN segment or VLAN. For each pair, the Matrix group maintains counters of the number of packets, number of octets, and error packets between the hosts. The conversation matrix helps you to examine network statistics in more detail to discover, for example, who is talking to whom or if a particular PC is producing more errors when communicating with its file server.
Events
The Events group provides you with the ability to create entries in an event log and send SNMP traps to the management workstation. Events can originate from a crossed threshold on any RMON variable. In addition to the standard five traps required by SNMP (link up, page link down, warm start, cold start, and authentication failure), RMON adds two more: rising threshold and falling threshold.
Filters
Enables packets to be matched by a filter equation. These matched packets form a data stream that might be captured or that might generate events.
Packet Capture
Enables packets data such as the size of buffer, no of packets captured after they flow through the channel.
Token Ring
This is optional for Token Ring Networks.
Working of the RMON
Setup:
FDDI Backbone network with a local Ethernet LAN, two remote LANS, one is a token ring LAN and the other an FDDI Lan.
NMS is on the the local Ethernet LAN
Monitoring
Ethernet Local LAN is monitored by the Ethernet probe on the LAN.
The FDDI backbone is monitored by an FDDI probe via the bridge and Ethernet LAN.
Token Rink is monitored by the token ring probe
The FDDI LAN is monitored by the built in probe on the router.
Both the remote LANs communicate with the NMS via the routers, the WAN and the backbone network,
Working
RMON devices monitors the local network segment & does the necessary analyses and informs the NMS only when there are exceptions or NMS requests for some info.
This reduces the traffic especially on the segment in which the NMS resides, as all the monitoring traffic would otherwise converge there.
Alarm Group
Set thresholds on a variety of items affecting network performance
When the thresholds are crossed, events are reported.
In general, the values of thresholds are determined according to past experience.
Benefits
Centralized monitoring of the entire network
Few skilled resources requirement
Continuous monitoring
Online reporting
Proactive alert mechanism is available
Better trouble shooting & reduced time for troubleshooting
Historical trend analysis
Decision making-performance tuning
Advantages of RMON
It improves your efficiency -Using RMON probes allows you to remain at one workstation and collect information from widely dispersed LAN segments or VLANs. This means that the time taken to reach a problem site, set up equipment, and begin collecting information is largely eliminated.
It allows you to manage your network in a more proactive manner- If they are configured correctly, RMON probes deliver information before problems occur. This means that you can take action before they affect users.
It reduces the load on the network and the management workstation Traditional network management involves a management workstation polling network devices at regular intervals to gather statistics and identify problems or trends. As network sizes and traffic levels grow, this approach places a strain on the management workstation and also generates large amounts of traffic. An RMON probe, however, autonomously looks at the network on behalf of the management workstation without affecting the characteristics and performance of the network. The probe reports by exception, which means that it only informs the management workstation when the network has entered an abnormal state.
Increases Productivity for administrators.
Permits monitoring on a more frequent basis and hence faster fault diagnosis.
Needs no direct visibility by NMS; more reliable information.
Disadvantages of RMON
The amount of information it provides is insufficient for network managers and administrators who need to solve complex problems, often at a distance.
The mechanism employed for data retrieval to a central management console are slow and very bandwidth inefficient.
RMON values are stored in 32 bit registers which limit the count value to 4,294,967,295. Although a seemingly large value, this is actually quite small. In a 100 Mbps fast Ethernet network running at just 10% loading, the counters will be reset to zero after just one hour of acitivity.
Full RMON support in hardware typically requires dedicated RISC processor technology and this is achievable in sub -$1,000 routers, hubs etc.