written 8.6 years ago by | • modified 5.0 years ago |
RMON Standards :
Remote Monitoring (RMON) is a standard monitoring specification that enables various network monitors and console systems to exchange network-monitoring data.
i. RMON (Remote Network Monitoring) provides standard information that a network administrator can use to monitor, analyze, and troubleshoot a group of distributed local area networks (LANs) and interconnecting T-1/E-1 and T-2/E-3 lines from a central site.
ii. RMON can be supported by hardware monitoring devices (known as "probes") or through software or some combination.
iii. RMON is actually part of SNMP, and the RMON specification is simply a management information base (MIB) module that defines a particular set of MIB objects for use by network monitoring probes.
iv. SNMP Remote Network Monitoring (RMON) was created to enable the efficient management of networks using dedicated management devices such as network analyzers, monitors, or probes.
v. RMON is often called a protocol, but it does not define any new protocol operations. It is actually an MIB module for SNMP that describes objects that permit advanced network management capabilities.
RMON MIB Hierarchy and Object Groups :
i. Since RMON is a MIB module, it consists almost entirely of descriptions for MIB objects, each with the standard characteristics belonging to all such objects.
ii. All the objects within RMON are arranged into the SNMP object name hierarchy within the rmon group, which is group number 16 within the SNMP mib (mib-2) object tree, 1.3.6.1.2.1. So, all RMON objects have identifiers starting with 1.3.6.1.2.1.16.
iii. This single RMON group is broken down into several lower-level groups that provide more structure for the RMON objects defined by the specification
iv. Figure2 shows this structure.
RMON Structure
History: The history control group controls the periodic statistical sampling, so this data can be accessed later from the Network Administrator.
Alarm: The alarm group periodically takes statistical samples from variables in the probe and compares them to previously configured thresholds. If the monitored variable crosses a threshold, an event is generated.
Host: The host group contains statistics associated with each host discovered on the network. This group discovers hosts on the network by keeping a list of source and destination MAC Addresses seen in good packets promiscuously received from the network. This bucket tracks statistics on specific hosts.
HostTopN: Prepares tables that describe the hosts that top a list ordered by one of their base statistics over an interval specified by the management station.
Matrix : The matrix group stores statistics for conversations between sets of two addresses. As the device detects a new conversation, it creates a new entry in its tables.
Filter : The filter group allows packets to be matched by a filter equation. These matched packets form a data stream that may be captured or may generate events.
Packet Capture: Enables packets to be captured after they flow through a channel.
Event: Controls the generation and notification of events from this device.