Rmon

Diagram of RMON MIB

ISO Root Org DoD Mgmt Internet Private MIB 1 & 2 RMON MIB 1 MIB 2 1. Statistics 2. History 3. Alarm 4. Hosts 5. Host Top N 6. Matrix 7. Filter 8. Capture 9. Event 10. Token Ring

RMON MIB Groups

 Statistics - Traffic and error rates on a segment  History - Above statistics with a time stamp  Alarm - User defined threshold alarms on any RMON variable  Hosts - Traffic and error rates for each host by MAC address  Host Top N - Sorts hosts by top traffic and/or error rates  Matrix - Conversation matrix between hosts  Filter - Definition of what packet types to capture and store  Packet Capture - Creates a capture buffer on the probe that can be requested and decoded by the management application  Event - Generates log entries and/or SNMP traps  Token Ring - Token Ring extensions, most complex group

RMON Increases Management Capacity to 250% Distributed Techniques Save Time and Money Using RMON, Network Management Staff Can Provide Services to More Users and Segments

RMON No RMON segments 200+ 101 to 200 51 to 100 11 to 50 0 5 10 15 20 25 30 segments managed per staff person

Source: McConnell Consulting, Inc. 9/94 Survey of LAN Managers

Network Manager Needs More Help Client / Server Revolution is Here

• • • Mission critical client/server applications mean that network up-time and performance are required Good information currently available for segment traffic, performance and utilization (RMON1) End-to-end, global view of enterprise traffic is needed for troubleshooting today’s complex internetwork(RMON2) – Isolate cause of problem quickly and respond – – Redeploy resources for optimal performance Spot bandwidth utilization trends before bottlenecks occur

Remote Monitoring in the ISO Model Going Up-the-stack With RMON2

Application Presentation Session Transport Network Data Link Physical RMON2 RMON

Enterprise Network Traffic Management Benefits of Monitoring Protocols “Up-the-stack”

• Understand network performance from an application perspective • Logical view of workgroup and application communication patterns • Clear visualization of end-to-end traffic • High-value enterprise traffic information results: – Improved performance through network tuning and optimal placement of network resources – – Trend analysis based on actual growth rates Accurate accounting data

IETF Responds: RMON2 Standard for Monitoring Higher Protocol Layers

• RMON (1) accepted and implemented • RMON2 Working Group kicked off July 1994 • RMON2 Internet Draft delivered June 1995 • First RMON2 interoperability testing occurred in September 1996 • RMON2 received its RFC #s (2021, 2074) in January 1997 • Vendors can commence development of RMON2-compliant implementations immediately

What is RMON2? Standard for Monitoring Higher Protocol Layers

• Major new capability: Provide statistics on network-and application-layer traffic – Open structure for collecting traffic data at higher protocol layers – Protocol directory critical aspect of the MIB • Additional enhancements: – Address Translation – User-defined histories – Probe configuration-device, modem and trap administration based on the Aspen MIB – Time sorted tables

Root ISO Mgmt Org DoD Internet Private MIB 1&2 MIB 1 MIB 2

Diagram of the RMON2 MIB

RMON1

1. Statistics 2. History 3. Alarm 4. Hosts 5. Host Top N 6. Matrix 7. Filter 8. Capture 9. Event 10. Token Ring

RMON RMON2

11. Protocol Directory 12. Protocol Distribution 13. Address Map 14. Network-Layer Host 15. Network-Layer Matrix 16. Application-Layer Host 17. Application-Layer Matrix 18. User History 19. Probe Configuration 20. RMON Conformance

RMON2 MIB Groups

11 12 13 14 15 16 17 18 19 20 Protocol Directory - List of protocols the probe can monitor Protocol Distribution - Traffic statistics for each protocol Address Map - Maps network-layer to MAC-layer addresses Network-Layer Host - Traffic statistics to and from each discovered host Network-Layer Matrix - Traffic statistics on conversations between pairs of discovered hosts Application-Layer Host - Traffic statistics to and from each host by protocol providing insight into the use and growth of applications Application-Layer Matrix - Traffic statistics on conversations between pairs of hosts by protocol User History Collection - Periodic samples of user-specified variables Probe Configuration - Remote configuration of probe parameters RMON Conformance - Requirements for RMON2 MIB conformance

RMON2 Implementation Options Two Alternatives Balancing Price and Performance

Statistics Hosts Matrix Matrix topN

Network Layer

X X X X

Application Layer

X X X X

• “ Type A ” Implementations – – Network layer traffic Less memory and processor power – Expect to see embedded in hubs and switches • “ Type B ” Implementations – – Application layer traffic More memory and processor power – Basis for high-end traffic management applications

Impact of RMON2: Adding a Logical View to Management Products

• Answers critical questions like: – What percent of WAN traffic is due to my order-entry application?

– – How fast is the Lotus Notes traffic growing?

How many hours does Fred spend on the web?

• Requires new user-interface – Scaleable, end-to-end view of all traffic on network – – Support range of logical groupings Linked to other management applications • Essential for roll-out of client/server applications

Example RMON2 Solution: Transcend ® Traf

fix

™ Manager and SuperStack® II Enterprise Monitor

Tuning the Network to the Business

• Comprehensive understanding of network traffic – Real-time and historical – – Applications and protocols Utilizing RMON2 data • Optimize the network to meet the needs of business applications • Speed troubleshooting at the enterprise network level, rather than the device or segment level • Set real policies for the business use of the network

System-level Management of Networked Apps

• • • Top down view of all traffic on network – – – End-to-end display of conversations Network-and application-layer traffic details Designed and tested to scale to large, complex networks Powerful, alternative logical groupings – – – Much more than “Protocol Domains” Group by geography, function, subnet, VLAN, etc.

Easy-to-use navigation Speeds troubleshooting – – – Global view to see interaction and scope Zoom to problem hosts, devices, protocols Launch detailed protocol analysis on any link

Communicate to Users and Management

• Fully integrated traffic database – Real-time and historical information in all views – Histories over the past day, week, month, year, etc.

– – Trend analysis, comparison and graphing Set thresholds on key parameters • Automated reporting – Key trends in application, network and device utilization – – Easy report set-up from same view as GUI Built-in, no data export/import required

Traffic Management is a New Discipline Business Applications 

Traffic

 Infrastructure • • • Brings together: – – – Application level monitoring Enterprise-wide instrumentation Ubiquitous standard To achieve: – – – Analysis of applications’ use of infrastructure Performance management as seen by users Tuning, capacity planning, accounting, etc. based on business applications usage – System level troubleshooting In the face of: – – New network technologies (VLANs) Unpredictable traffic trends

Mission: Enterprise Traffic Management Build on Foundation of Infrastructure Management Business Objectives Quality of Service

Efficiency

Policies Traffic Management

Survival!

Infrastructure Management Troubleshooting Tuning and Planning

Advantages: Enterprise Traffic Management New Level of Network Knowledge and Capabilities Activity Concepts and Perspective Infrastructure Management Physical - devices and segments Trouble shooting Planning Tuning Policies Device control and configuration Physical connectivity See effects on devices “Purchase Order” planning Local utilization and rate of growth at packet level Standardize equipment purchase Traffic Management Logical - traffic and applications Reflects organization, scope and groups Behavior of whole network Discriminate between application problems and network problems See causes, as well as effects Business planning based on real utilization and rate of growth of applications Define “reasonable” use Set use policies and enforce them

Results: Enterprise Traffic Management Improved Responses to Performance Problems

Add Resources Reconfigure Resources Traffic Policy Year Month Days / Weeks Trend/Report for Re-Design and Adding Resources Performance Assessment for Tuning and Optimization Hours / Minutes Prioritize Network Use to Business Needs

Benefits: Enterprise Traffic Management Match Network Investments to Business Objectives 

$

– – Improve network performance, eliminate bottlenecks, so business applications run faster, more reliably Find enterprise network system problems fast – – Only invest due to business application growth Don’t waste expensive network resource on “chat” traffic – – Efficient distributed techniques bring the problem to the expert, rather than the expert to the problem Ease-of-use means information can be handled by less skilled staff members