COMM3D Network Administration and Management

1
COMM3DNetwork Administration and Management

• Remote Monitoring
• http//osiris.sunderland.ac.uk/cs0cst/

2
Objectives
In todays lecture An introduction to Remote
Monitoring. Detailed overview of the RMON
Protocol. The use of RMON within a Network
Management System. Learning outcomes Students
should understand the importance of performing
remote monitoring. Students should be able to
understand the use of RMON. Knowledge of the
advantages and disadvantages of using RMON
3
Network Management Protocols

• Problem SNMP is an alarm driven system and as
  such it only supports events from devices and
  provides no mechanism for remote monitoring of
  network segments.
• Solution Deploy remote monitoring devices
  (called probes) on each segment of your network.
  By attaching promiscuous devices to the segment
  the probe can passively gather statistics about
  the traffic moving around the network and send
  SNMP alerts to notify the management system about
  the segment.
• The Probe
• Dedicated Hardware probes with memory,
  processor, eth
• SNMP Agent running on a host computer

4
Remote Network MOnitor
RMON provides a means to collect and access
statistics about network segments using an SNMP
based management system. Probes - Generate
SNMP Alarms - Have a MIB Definition
5
Aims Remote Monitoring
Resource use The polling and alarm events that
go on in an SNMP environment aren't sustainable
over remote segments thus RMON provides a means
to localise logging to reduce traffic. Offline
Operation Logging occurs locally to each segment
so even if connectivity to that segment is lost
the logs still maintain there integrity.
Preemptive monitoring Localized monitoring
allows for increased diagnostic activity. Problem
detection and reporting The probe can trigger
alarms in the event of certain preconfigured
event monitors which are customized for that
segment. Value-added data Given a dedicated
probe device it is possible to implement expert
systems Multiple managers Provides inherent
support for multiple network managers
6
History of the RMON Protocol
RMON Initially proposed in the early 90s it was
finally adopted around the same time as SNMP.
Comes from a different design philosophy. Referen
ce Material RMON MIB RMON (1) was initially
specified in RFC 1271 RMON-2 Came about in 1997
specified in RFC 2021 RMON Overview provided in
RFC 3577 (2003) RMON-2 changes the focus of the
standard to include the ability to monitor
elements from the upper levels of the OSI model
7
RMON 1 and RMON 2
RMON (2) Not just an update to the existing
standard, provides additional functionality to
monitor higher level OSI layers.
8
RMON (1) MIB Tree

Root
ISO
Org
1. Statistics
DoD
2. History
Internet
3. Alarm
Mgmt
Private
4. Hosts
MIB 1 2
5. Host Top N
RMON
6. Matrix
MIB 1
7. Filter
8. Capture
MIB 2
9. Event
10. Token Ring
9
RMON (1) Groups
Statistics Group Contains objects which are
measured for each network interface on the probe.
Allows you to monitor things like collisions,
levels of broadcast traffic, mal formed
packets, throughput of the segment, management
information. - Performance, Fault and
Configuration History Group The history group
maintains periodic samples of the data contained
in the Statistics group so that the probe has a
historical record for reference / analysis. -
Performance Management
10
RMON (1) Groups
The Alarm Group allows us to set thresholds for
many of the objects contained in the RMON MIB. If
these thresholds are exceeded twice in a defined
period of time the probe will trigger an
alert. E.g. X number of collisions within a 10
min period Used as a performance management
indicator. The Host Group this provides
information about the hosts attached to the
network segment. Through carrying out analysis of
the packets travelling on the segment the host
group contains a list of known MAC addresses. -
Security,Performance,Configuration,Accounting
11
RMON (1) Groups
The Host TopN Group Uses the information in the
host group to generate reports about the network
use of all hosts connected to the segment. Can
set thresholds and sample intervals. - Security,
Accounting The Matrix Group contains a matrix of
the number of packets sent to and from each host
on the network. Allows us to identify how managed
devices on the network interact with each other
questions such as dependency. - Security ,
Configuration The Event Group allows us to
define events which should generate an SNMP trap
which will notify the central management system.
12
RMON (1) Groups
The Filter Group allows a network manager to
instruct the probe to filter specific packets and
keep a count of them for further analysis. This
allows us to profile traffic by type in order to
inform the security or fault management
process. The Packet Capture Group as with the
filter group you can set patterns for traffic you
want to monitor however this group enable the
capture of these packets so that their content
can be explored at a later date. Like a built in
traffic analyser. - security , performance ,
accounting
13
RMON (2) MIB Tree
Root
RMON
ISO
Org
RMON1
RMON2
DoD
Internet
Mgmt
Private
MIB 1
14
RMON (2) Features
Address Translation Binding between MAC-layer
addresses and network-layer addresses. Address
translation leads to improved topology maps.
Allows for the detection of IP address conflicts.
User Defined History With this new feature, the
network manager can configure history studies of
any counter in the system, such as a specific
history on a particular file server or a
router-to-router connection. In the RMON1
standard, historical data is collected only on a
predefined set of statistics.
15
RMON (2) Features
Improved Filtering. Additional filters are
required to support the higher-layer protocol
capabilities of RMON2. This improved filtering
allows the user to configure more flexible and
efficient filters, especially relating to the
higher-layer protocols.   Probe Configuration.
With RMON2, one vendor's RMON application will be
able to remotely configure another vendor's RMON
probe. This lead to increased interoperability
between different probes on your network
16
Why we use RMON
Provides additional management data above and
beyond SNMP Allows for logging information that
cant be supported by SNMP alone Interfaces into
an SNMP system through its ability to send trap
events. Provides a means for monitoring
individual segments and decentralising the
management system Shown to reduce the cost of
management through number of staff and resources
used in the management process
17
Summary
Remote Management The act of putting probe
devices on each segment of the network in order
to capture local statistics. Different
Standards RMON 1and RMON 2 offer services to
different layers of the OSI model. SNMP
compliments SNMP by having the probe able to send
traps back to the central network management
system. Allows - Additional Management
Data - Cost Savings - Local logging