Transcript Chapter 8
Chapter 8 Chapter 8 RMON Network Management: Principles and Practice © Mani Subramanian 2000 8-1 Chapter 8 RMON Components Data Analyzer SNMP Traffic Router BACKBONE NETWORK Router SNMP Traffic RMON Probe LAN • RMON Probe • Data gatherer - a physical device • Data analyzer • Processor that analyzes data Notes • RMON Remote Network Monitoring Network Management: Principles and Practice © Mani Subramanian 2000 8-2 Chapter 8 Network with RMONs Remote FDDI LAN FDDI Probe Router with RMON FDDI Backbone Network Router Bridge Local LAN Router NMS Remote Token Ring LAN Ethernet Probe Token Ring Probe Figure 8.1 Network Configuration with RMONs Notes Nots • Note that RMON is embedded monitoring remote FDDI LAN • Analysis done in NMS Network Management: Principles and Practice © Mani Subramanian 2000 8-3 Chapter 8 RMON Benefits • Monitors and analyzes locally and relays data; Less load on the network • Needs no direct visibility by NMS; More reliable information • Permits monitoring on a more frequent basis and hence faster fault diagnosis • Increases productivity for administrators Notes Network Management: Principles and Practice © Mani Subramanian 2000 8-4 Chapter 8 RMON MIB rmon (mib-2 16) rmonConformance (20) statistics (1) probeConfig (19) history (2) usrHistory (18) a1Matrix (17) alarm (3) a1Host (16) host (4) n1Matrix (15) hostTopN (5) matrix (6) n1Host (14) filter (7) addressMap (13) capture (8) protocolDist (12) event (9) protocolDir (11) RMON1 Extension RMON2 RMON1 Token Ring (10) Figure 8.2 RMON Group Notes • RMON1: Ethernet RMON groups (rmon 1 - rmon 9) • RMON1: Extension: Token ring extension (rmon 10) • RMON2: Higher layers (3-7) groups (rmon 11 - rmon 20) Network Management: Principles and Practice © Mani Subramanian 2000 8-5 Chapter 8 Row Creation & Deletion State valid createRequest underCreation invalid Enumeration 1 2 3 4 Description Row exists and is active. It is fully configured and operational Create a new row by creating this object Row is not fully active Delete the row by disassociating the mapping of this entry • EntryStatus data type introduced in RMON • EntryStatus (similar to RowStatus in SNMPv2) used to create and delete conceptual row. • Only 4 states in RMON compared to 6 in SNMPv2 Notes Network Management: Principles and Practice © Mani Subramanian 2000 8-6 Chapter 8 RMON Groups and Functions Token Ring Statistics Token Ring Statistics Token Ring History History Control Ethernet History History Control Ethernet Statistics Ethernet Statistics Remotely Monitored Network Host and Conversation Statistics Data Gathering Host Statistics HostTopN Statistics Matrix Statistics Network Manager Filter Group Packet Filtering Channel Filtering Alarm Generation Event Generation Packet Capture Figure 8.3 RMON1 Groups and Functions Notes • Probe gathers data • Functions • Statistics on Ethernet, token ring, and hosts / conversations • Filter group filters data prior to capture of data • Generation of alarms and events Network Management: Principles and Practice © Mani Subramanian 2000 8-7 Chapter 8 RMON1 MIB Groups & Tables Group Statistics OID rmon 1 History rmon 2 Alarm rmon 3 Host rmon 4 Function Link level statistics HostTopN rmon 5 Matrix rmon 6 Filter rmon 7 Packet Capture rmon 8 Event rmon 9 Token Ring rmon 10 Tables -etherStatsTable -etherStats2Table Periodic statistical data -historyControlTable collection and storage for later -etherHistoryTable retrieval -historyControl2Table -etherHistory2Table Generates events when the data -alarmTable sample gathered crosses preestablished thresholds Gathers statistical data on hosts -hostControlTable -hostTable -hostTimeTable -hostControl2Table Computes the top N hosts on -hostTopNcontrolTable the respective categories of statistics gathered Statistics on traffic between pair -matrixControlTable of hosts -matrixSDTable -matrixDSTable -matrixControl2Table Filter function that enables -filterTable capture of desired parameters -channelTable -filter2Table -channel2Table Packet capture capability to -buffercontrolTable gather packets after they flow -captureBufferTable through a channel Controls the generation of -eventTable events and notifications See Table 8.3 See Table 8.3 Notes • Ten groups divided into three categories • Statistics groups (rmon 1, 2, 4, 5, 6, and 10)) • Event reporting groups (rmon 3 and 9) • Filter and packet capture groups(romon 7 and 8) • Groups with “2” in the name are enhancements with RMON2 Network Management: Principles and Practice © Mani Subramanian 2000 8-8 Chapter 8 Textual Convention: LastCreateTime and TimeFilter • LastCreateTime tracks change of data with the changes in control in the control tables • Timefilter used to download only those rows that changed after a particular time FooTable (bold indicating the indices): fooTimeMark fooIndex fooCounts fooCounts.0.1 fooCounts.0.2 fooCounts.1.1 fooCounts.1.2 fooCounts.2.1 fooCounts.1.2 fooCounts.3.1 fooCounts.3.2 fooCounts.4.2 5 9 5 9 5 9 5 9 9 -- (Note that row #1 does not exist for times 4 & 5 since the last update occurred at time-mark 3.) fooCounts.5.2 9 (Both rows #1 and #2 do not exist for time-mark greater than 5.) Notes • Bold objects (fooTimeMark and fooIndex) are indices Network Management: Principles and Practice © Mani Subramanian 2000 8-9 Chapter 8 Control and Data Tables dataTable dataEntry controlTable controlEntry control Index control DataSource control TableSize control Owner control Status control Other control Index control DataSource control TableSize control Owner control Status control Other data Index data AddlIndex data Other data Index data AddlIndex data Other data Index data AddlIndex data Other data Index data AddlIndex data Other Note on Indices: Indices marked in bold letter Value of dataIndex same as value of controlIndex Figure 8.4 Relationship between Control and Data Tables Notes • Control table used to set the instances of data rows in the data table • Values of data index and control index are the same Network Management: Principles and Practice © Mani Subramanian 2000 8-10 Chapter 8 Matrix Control and SD Tables matrixSDTable matrixSDEntry matrixControlTable matrixControlEntry matrix Control Index = 1 matrix Control Index = 2 matrix Control DataSource =ifIndiex.1 matrix Control DataSource =ifIndiex.2 matrix Control TableSize = 10 matrix Control Owner = "Bob" matrix Control TableSize = 10 matrix Control Owner = "Bob" matrix Control Status = 1 matrix ControlLast DeleteTime = 1000 matrix Control Status = 1 matrix ControlLast DeleteTime = 100050 Note on Indices: Indices marked in bold letter Value of dataIndex same as value of controlIndex matrixSD Source Address = 172.15.8.11 matrixSD Destination Address = 192.7.8.11 matrix SD Index = 1 matrix SD Pkts = matrixSD Source Address = 172.15.8.11 matrixSD Destination Address = 199.5.8.20 matrix SD Index = 1 matrix SD Pkts = matrixSD Source Address = 172.16.8.16 matrixSD Destination Address = 193.5.8.20 matrix SD Index = 2 matrix SD Pkts = matrixSD Source Address = 172.16.8.20 matrixSD Destination Address = 193.5.8.20 matrix SD Index = 2 matrix SD Pkts = Figure 8.4 Relationship between Control and Data Tables Notes • matrixSDTable is the source-destination table • controlDataSource identifies the source of the data • controlTableSize identifies entries associated with the data source • controlOwner is creator of the entry Network Management: Principles and Practice © Mani Subramanian 2000 8-11 Chapter 8 Host Top N Group Example HostTopN Host 1 Host 2 Host 3 Host 4 Host 5 Host 6 Host 7 Host 8 Host 9 Host 10 0 100 200 300 400 Giga Octets Figure 8.5 HostTop-10 Output Octets Notes Network Management: Principles and Practice © Mani Subramanian 2000 8-12 Chapter 8 Filter Group filterTable filterEntry channelTable channelEntry channel Index =1 channel Index = 2 channel IfIndex = 1 channel IfIndex channel AcceptType channel AcceptType channel DataControl Other Channel Parameters channel DataControl Other Channel Parameters Note on Indices: Indices marked in bold letter Value of filterChannelIndex same as value of channelIndex filterIndex =1 filter ChannelIndex =1 Filter Parameters filterIndex =2 filter ChannelIndex =1 Filter Parameters filterIndex =3 filter ChannelIndex =2 Filter Parameters filterIndex =4 filter ChannelIndex =2 Filter Parameters Notes • Filter group used to capture packets defined by logical expressions • Channel is a stream of data captured based on a logical expression • Filter table allows packets to be filtered with an arbitrary filter expression • A row in the channel table associated with multiple rows in the filter table Network Management: Principles and Practice © Mani Subramanian 2000 8-13 Chapter 8 Packet Capture Group Channel Table Filter Table (many for each channel) Capture Buffer Table (One entry per Channel) Notes • Packet capture group is a post-filter group • Buffer control table used to select channels • Captured data stored in the capture buffer table Network Management: Principles and Practice © Mani Subramanian 2000 8-14 Chapter 8 RMON TR Extension Groups Token Ring Group Statistics Promiscuous Statistics Mac-Layer History Promiscuous History Ring Station Ring Station Order Ring Station Configuration Source Routing Function Current utilization and error statistics of Mac Layer Current utilization and error statistics of promiscuous data Historical utilization and error statistics of Mac Layer Historical utilization and error statistics of promiscuous data Station statistics Order of the stations Active configuration of ring stations Utilization statistics of source routing information Tables tokenRingMLStatsTable tokenRingMLStats2Table tokenRingPStatsTable tokenRingPStats2Table tokenRingMLHistoryTable tokenRingPHistoryTable ringStationControlTable ringStationTable ringStationControl2Table ringStationOrderTable ringStationConfigControlTable ringStationConfigTable sourceRoutingStatsTable sourceRoutingStats2Table Notes • Two statistics groups and associated history groups • MAC layer (Statistics group) collects TR parameters • Promiscuous Statistics group collects packets promiscuously on sizes and types of packets • Three groups associated with the stations • Routing group gathers on routing Network Management: Principles and Practice © Mani Subramanian 2000 8-15 Chapter 8 RMON2 • Applicable to Layers 3 and above • Functions similar to RMON1 • Enhancement to RMON1 • Defined conformance and compliance Notes Network Management: Principles and Practice © Mani Subramanian 2000 8-16 Chapter 8 RMON2 MIB Table 8.4 RMON2 MIB Groups and Tables Group Protocol Directory Protocol Distribution Address Map OID rmon 11 Function Inventory of protocols Tables protocolDirTable rmon 12 protocolDistControlTable protocolDistStatsTable addressMapControlTable addressMapTable Network Layer Host Network Layer Matrix rmon 14 Relative statistics on octets and packets Mac address to network address on the interfaces Traffic data from and to each host Traffic data from each pair of hosts Application Layer Host rmon 16 Application Layer Matrix rmon 17 User History Collection rmon 18 Probe Configuration rmon 19 RMON Conformance rmon 20 rmon 13 rmon 15 Traffic data by protocol from and to each host Traffic data by protocol between pairs of hosts n1HostControlTable n1HostTable n1MatrixControlTable n1MatrixSDTable n1MatrixDSTable n1MatrixTopNControlTable n1MatrixTopNTable a1HostTable a1MatrixSDTable a1MatrixDSTable a1MatrixTopNControlTable a1MatrixTopNTable User-specified usrHistoryControlTable historical data on usrHistoryObjectTable alarms and statistics usrHistoryTable Configuration of probe serialConfigTable parameters netConfigTable trapDestTable serialConnectionTable RMON2 MIB See Section 8.4.2 Compliances and Compliance Groups Notes Network Management: Principles and Practice © Mani Subramanian 2000 8-17 Chapter 8 ATM RMON Application Layer Upper Layer Protocols RMON-2 (RFC 2021, 2074) Ethernet RMON (RFC 1757) Token Ring RMON (RFC 1513) IETF MIBs Network Layer 'Base' Layer ATM Protocol IDs for RMON-2 (Additions to RFC 2074) Switch Extensions for RMON ATM RMON Additional MIBs Figure 8.7 RMON MIB Framework (©1995 ATM Forum) Notes • ATM Forum extended RMON to ATM • Switch extensions and ATM RMON define objects at the base layer • ATM protocol IDs for RMON2 define additional objects at the higher levels • ATM devices require cell-based measurements and statistics • Probe should be able to handle high speed Network Management: Principles and Practice © Mani Subramanian 2000 8-18 Chapter 8 ATM Probe Location ATM Switch ATM Switch RMON Probe RMON Probe (a) External Probe with copy ATM Switch with internal RMON Probe (b) Internal Probe with copy ATM Switch ATM Switch RMON Probe (c) Internal Probe without copy (d) External Probe without copy Figure 8.8 ATM Probe Location ©1995 ATM Forum) Notes • Stand-alone probe in (a) copies the cells • Embedded version in (b) reports data, but has no access to switch fabric • Internal probe (c) similar to (b) with access to switch • Stand-alone probe (d) taps network-to-network interface between two ATM switches • (a) and (b) require duplex circuits, steering of traffic, and design modification • Embedded designs (c) and (d) require no modification Network Management: Principles and Practice © Mani Subramanian 2000 8-19 Chapter 8 ATM RMON MIB Groups Table 8.6 ATM RMON MIB Groups and Tables Group OID portSelect atmRmonMIBObjects 1 atmStats atmRmonMIBObjects 2 atmHost atmRmonMIBObjects 3 atmMatrix atmRmonMIBObjects 4 Function Port Selection Tables portSelGrpTable portSelTable Basic Statistics atmStatsControlTable atmStatsTable ATM per-host atmHostControlTable statistics atmHostTable ATM per-circuit atmMatrixControlTable statistics atmMatrixSDTable atmMatrixDSTable atmMatrixTopNControlTable atmMatrixTopNTable Notes • ATM RMON MIB contains four groups • portSelect group selects ports • atmStats collects basic statistics based on port selection • atmHost gathers statistics based on host traffic • atmMatrix group collects conversation traffic and ranks the top-N entries Network Management: Principles and Practice © Mani Subramanian 2000 8-20 Chapter 8 A Case Study • A study at Georgia Tech on Internet traffic • Objectives • Traffic growth and trend • Traffic patterns • Network comprising Ethernet and FDDI LANs • Tools used • HP Netmetrix protocol analyzer • Special high-speed TCP dump tool for FDDI LAN • RMON groups utilized • Host top-n • Matrix group • Filter group • Packet capture group (for application level protocols) Notes Network Management: Principles and Practice © Mani Subramanian 2000 8-21 Chapter 8 Case Study Results 1. Growth Rate: Internet traffic grew at a significant rate from February to June at a monthly rate of 9% to 18%. 12% February to March 9% March to April 18% April to May Note: There is sudden drop in June due to end of spring quarter and summer quarter starting. 2. Traffic Pattern: Monthly / Weekly: Only discernible variation is lower traffic over weekends Daily: 2/3 of the top 5% peaks occur in the afternoons Users: Top six domain of users (96%) are 20% Domain 1 30% Domain 2 Subdomain 1 (25%) Subdomain 2 (3%) 34% Domain 3 7% Domain 4 3% Domain 5 2% Domain 6 Top three hosts sending or receiving data Newsgroups Mbone Linux host What we have learned : 1. The three top groups of users contributing to 84% of the Internet traffic are students (surprise!). Newsgroup services, and Domain 1. 2. Growth rate of Internet during the study period in spring quarter is 50%. Network Management: Principles and Practice © Mani Subramanian 2000 8-22