Chapter 8

SNMP Management:RMON

Network Management: Principles and Practice© Mani Subramanian 2011

1

Chapter 8 SNMP Management: RMON

Network Management: Principles and Practice© Mani Subramanian 2011

Objectives

Remote network monitoring, RMON

RMON1: Monitoring Ethernet LAN and token-ring LAN

RMON2: Monitoring upper protocol layers

RMON MIBs for RMON group objects

Case study

2

Chapter 8 SNMP Management: RMON

Notes

RMON Components

• RMON Probe• Data gatherer - a physical device

• Data analyzer• Processor that analyzes data

• RMON - Remote Network Monitoring

Data

Analyzer

RMON

Probe

BACKBONE

NETWORK

SNMP

Traffic

SNMP

Traffic

LAN

RouterRouter

Network Management: Principles and Practice© Mani Subramanian 2011

3

Chapter 8 SNMP Management: RMON

Network with RMONs

FDDI

Backbone Network

Remote Token Ring LANNMS

Router Bridge

Token Ring

Probe

Ethernet

Probe

Local LAN

Figure 8.1 Network Configuration with RMONs

Router with

RMON

Router

Remote FDDI LAN

FDDI Probe

Network Management: Principles and Practice© Mani Subramanian 2011

Notes

• Note that RMON is embedded in a router for monitoring the remote FDDI LAN

• Analysis done in NMS

4

Chapter 8 SNMP Management: RMON

Remote Network Management Goals

[RFC 2819/STD 59]

• Off-line Operation: A probe can be configured to perform diagnosticsand collect statistics continuously, even when communication with theNMS may not be possible or efficient. The probe may notify the NMSwhen an exceptional condition occurs.

• Proactive Monitoring: Given the resources available on the monitor, itis helpful for it continuously to run diagnostics and to log networkperformance. The monitor can notify the NMS of a failure and can storehistorical statistical information about it. This historical information canbe played back by the NMS for further diagnosis into the cause of theproblem.

• Problem Detection and Reporting: The monitor can be configured torecognize conditions, most notably error conditions, and continuously tocheck for them. When one of these conditions occurs, the event may belogged, and NMSs may be notified.

• Value Added Data: Because an RMON device is dedicated exclusivelyto NM functions, and because it is located directly on the monitoredportion of the network, it can add significant value to the data it collects.For instance, by highlighting those hosts on the network that generate themost traffic or errors, the probe can give the NMS precisely theinformation it needs to solve a class of problems.

• Multiple Managers: An organization may have multiple NMSs fordifferent units of the organization, for different functions (e.g.engineering and operations), and in an attempt to provide disasterrecovery. Because environments with multiple NMSs are common, theRMON device has to deal with more than one NMS, potentially using itsresources concurrently.

Network Management: Principles and Practice© Mani Subramanian 2011

5

Chapter 8 SNMP Management: RMON

Notes

RMON Benefits

• Monitors and analyzes locally and relays data→ Less load on the network (solicited and unsolicited)

• Needs no direct visibility of agents by NMS→ More reliable information (polling is local)

• Permits monitoring on a more frequent basis→ Faster fault diagnosis (prevent or react to a fault)

• Increases productivity for administrators (study report) and network availability to users

• Unsolicited: if abnormal condition (e.g., heavy packet loss) → Send alarm to NMS

• Case study: under heavy traffic and long-distance communication, packets are lost:

→ NMS gets no response for pings→ NMS assumes the device (agent) is down

(wrong interpretation)

Network Management: Principles and Practice

© Mani Subramanian 2011

6

Chapter 8 SNMP Management: RMON

Control of Remote Monitors

• Remote monitor is implemented either as:– A dedicated device

– A function available on a system

• RMON MIB contains features that support extensive control from the NMS. These features fall into 2 general categories:

– Configuration: a remote monitor needs to be configured for data collection. RMON MIB is organized into a number of functional groups. Within each group, there may be one or more control tables and one or more data tables.• A control table: is typically read-write, and contains

parameters that describe the data in a data table

• A data table: is typically read-only

• At configuration time, an NMS sets the appropriate control parameters (add a new row or modify an existing row) to configure the RMON to collect the desired data.

• To modify any parameters in a control table, it is necessary to first invalidate the control entry (row) → deletion of this row and associated rows in data tables.

– Action Invocation: is the use of SNMP Set operation to issue a command.• An object is used to represent a command

• A specific action is taken if the object is set to a specific value.

• In general, these objects represent states.

• An action is performed if the NMS changes a state (i.e., value)

Network Management: Principles and Practice© Mani Subramanian 2011

7

Chapter 8 SNMP Management: RMON

Notes

Row Creation & Deletion: EntryStatus

(RMON)

State Enume-ration

Description

valid 1 Row exists and is active. It is fully configured and operational

createRequest 2 Create a new row by creating this object

underCreation 3 Row is not fully active

invalid 4 Delete the row by disassociating the mapping of this entry

• EntryStatus data type introduced in RMON

• EntryStatus (similar to RowStatus in SNMPv2)

used to create and delete conceptual row.

• Only 4 states in RMON compared to 6 in SNMPv2

• Valid:

• Operational and measuring data

• Any NMS authenticated to use the RMON

device may use this row of data.

Network Management: Principles and Practice

© Mani Subramanian 2011

8

Chapter 8 SNMP Management: RMON

Row Creation & Deletion: RowStatus(SNMPv2)

Notes

Table 6.4 RowStatus Textual Convention

State Enumer-ation

Description

active 1 Row exists and is operational

notInService 2 Operation on the row is suspended

notReady 3 Row does not have all the columnar objectsneeded

createAndGo 4 This is a one-step process of creation of arow; immediately goes into active state

createAndWait 5 Row is under creation and should not becommissioned into service

destroy 6 Same as Invalid in EntryStatus. Row shouldbe deleted

• Status: A new column is added to the conceptual table

• SYNTAX of Status is RowStatus

• Value of RowStatus is Enumerated INTEGER

Network Management: Principles and Practice

© Mani Subramanian 2011

9

Chapter 8 SNMP Management: RMON

Row Addition, Modification and Deletion

• Row Addition:– If a management station attempts to create a new

row, and the index object value or values do not already exist, the row is created with status object value of “createRequest(2)”

– Immediately after completing the create operation, the agent sets the status object value to “underCreation(3)”

– Rows shall exist in the “underCreation(3)” state until the management station is finished creating all of the rows that it desires for its configuration. The management station sets the status object value in each of the created rows to “valid(1)”

– If an attempt is made to create a new row, with a “createRequest(2)”status, and the row already exists, an error will be returned.

• Row Modification and Deletion– A row is deleted by setting the status object value for

that row to “invalid(4)”– The owner of the row can then delete it by issuing a

SetRequest PDU

– A row can be modified by first invalidating the row and then providing the row with new parameter values.

Network Management: Principles and Practice© Mani Subramanian 2011

10

Chapter 8 SNMP Management: RMON