Docstoc

Remote Monitoring _RMON_ Notes

Document Sample
Remote Monitoring _RMON_ Notes Powered By Docstoc
					Remote Monitoring (RMON) Notes

Reference Material from
http://www.cisco.com/en/US/docs/internetworking/technology/handbook/RMON.html#wp1021816

Chapter Goals
   • Describe the background of Remote Monitoring.
   • Describe the nine RMON groups of monitoring.

Remote Monitoring

Background
Remote Monitoring (RMON) is a standard monitoring specification that enables various network monitors and
console systems to exchange network-monitoring data. RMON provides network administrators with more
freedom in selecting network-monitoring probes and consoles with features that meet their particular
networking needs. This chapter provides a brief overview of the RMON specification, focusing on RMON
groups.
The RMON specification defines a set of statistics and functions that can be exchanged between RMON-
compliant console managers and network probes. As such, RMON provides network administrators with
comprehensive network-fault diagnosis, planning, and performance-tuning information.
RMON was defined by the user community with the help of the Internet Engineering Task Force (IETF). It
became a proposed standard in 1992 as RFC 1271 (for Ethernet). RMON then became a draft standard in 1995
as RFC 1757, effectively obsoleting RFC 1271.
Figure 55-1 illustrates an RMON probe capable of monitoring an Ethernet segment and transmitting statistical
information back to an RMON-compliant console.

Figure 55-1 An RMON Probe Can Send Statistical Information to an RMON Console




                                                                                               1
RMON Groups

RMON delivers information in nine RMON groups of monitoring elements, each providing specific sets of data
to meet common network-monitoring requirements. Each group is optional so that vendors do not need to
support all the groups within the Management Information Base (MIB). Some RMON groups require support
of other RMON groups to function properly. Table 55-1 summarizes the nine monitoring groups specified in
the RFC 1757 Ethernet RMON MIB.
Table 55-1 RMON Monitoring Groups




                                                                                              2
Further explained: RMON [RMON] uses 9 different monitoring groups to obtain information about the
                   network.

Statistics         - stats measured by the probe for each monitored interface on this device
History            - records periodic statistical samples from a network and store for retrieval
Alarm              - periodically takes statistic samples and compares them with a set of thresholds for event
                   generation
Host               - contains statistics associated with each host discovered on the network
HostTopN           - prepares tables that describe top hosts
Filters            - enable packets to be matched by a filter equation for capturing events
Packet capture     - captures packets after they flow through the channel
Events             - controls generation and notification of events from a device
Token ring         - supports token ring

Review Questions

Q—What is the function of the RMON group Matrix?

A—This group stores statistics for conversations between sets of two addresses. As the device detects a new
  conversation, it creates a new entry in its table.

Q—What is RMON?

A—Remote Monitoring (RMON) is a standard monitoring specification that enables various network monitors
  and console systems to exchange network-monitoring data.

Q—Multicast packets, CRC errors, runts, giants, fragments, and jabbers are elements of what RMON group?

A—Statistics.




                                                                                                 3
A Summary of Network Traffic Monitoring and Analysis Techniques

Abstract
As company intranets continue to grow it is increasingly important that network administrators are aware of
and have a handle on the different types of traffic that is traversing their networks. Traffic monitoring and
analysis is essential in order to more effectively troubleshoot and resolve issues when they occur, so as to not
bring network services to a stand still for extended periods of time. Numerous tools are available to help
administrators with the monitoring and analysis of network traffic. This paper discusses router based monitoring
techniques and non-router based monitoring techniques (passive versus active). It gives an overview of the
three most widely used router based network monitoring tools available (SNMP, RMON, and Cisco Netflow), and
provides information about two newer monitoring methods that use a combination of passive and active
monitoring techniques (WREN and SCNM).

Keywords: NetFlow, network monitoring, network analysis, watching resources from edge of network, self
configuring network monitor, active monitoring, passive monitoring


Importance of Network Monitoring and Analysis

Network monitoring is a difficult and demanding task that is a vital part of a Network Administrators job.
Network Administrators are constantly striving to maintain smooth operation of their networks. If a network
were to be down even for a small period of time productivity within a company would decline, and in the case of
public service departments the ability to provide essential services would be compromised. In order to be
proactive rather than reactive, administrators need to monitor traffic movement and performance throughout
the network and verify that security breeches do not occur within the network.

Monitoring and Analysis Techniques

Network analysis is the process of capturing network traffic and inspecting it closely to determine what is
happening on the network." -Orebaugh, Angela. Two Monitoring Techniques are discussed in the following
sections: Router Based and Non-Router Based. Monitoring functionalities that are built-into the routers
themselves and do not require additional installation of hardware or software are referred to as Router Based
techniques. Non-Router based techniques require additional hardware and software to be installed and provide
greater flexibility.

Router Based Monitoring Techniques

Router Based Monitoring Techniques are hard-coded into the routers and therefore offer little flexibility. A brief
explanation of the most commonly used monitoring techniques is given below. Each technique has undergone
years of development to become a standardized model.




                                                                                                      4

				
DOCUMENT INFO
Shared By:
Stats:
views:11
posted:7/18/2011
language:English
pages:4
Description: RMON (Remote Network Monitoring), originally designed to solve the management from a central point of the local sub-network and remote site problems. SNMP MIB RMON specification was developed by extension from. RMON, network monitoring data contains a set of statistics and performance indicators, monitor them in a different (or detector) and console systems to exchange. The resulting data can be used to monitor network utilization for network planning, performance optimization and to help diagnose network errors.