Each object in a MIB has a unique identifier that network management applications use to identify and retrieve the value of the specific object. The MIB has a tree-like structure in which similar objects are grouped under the same branch of the MIB tree. For example, different interface counters are grouped under the MIB tree’s interfaces branch. Internet MIB Hierarchy

As shown in Figure below, the MIB structure is logically represented by a tree hierarchy. The root of the tree is unnamed and splits into three main branches: Consultative Committee for International Telegraph and Telephone (CCITT), ISO, and joint ISO/CCITT.

These branches and those that fall below each category are identified with short text strings and integers. Text strings describe object names, whereas integers form object identifiers that allow software to create compact, encoded representations of the names. The object identifier in the Internet MIB hierarchy is the sequence of numeric labels on the nodes along a path from the root to the object. The Internet standard MIB is represented by the object identifier 1.3.6.1.2.1, which can also be expressed as iso.org.dod.internet.mgmt.mib.

Figure: Internet MIB Hierarchy

RMON

The RMON standard allows packet and traffic patterns on LAN segments to be monitored. RMON tracks the following items:

■ Number of packets

■ Packet sizes

■ Broadcasts

■ Network utilization

■ Errors and conditions, such as Ethernet collisions

■ Statistics for hosts, including errors generated by hosts, busiest hosts, and which hosts communicate with each other

RMON features include historical views of RMON statistics based on user-defined sample intervals, alarms that are based on user-defined thresholds, and packet capture based on userdefined filters.

KEY POINT Without RMON, a MIB could be used to check the device’s network performance. However, doing so would lead to a large amount of bandwidth required for management traffic. By using RMON, the managed device itself (via its RMON agent) collects and stores the data that would otherwise be retrieved from the MIB frequently.

RMON1

Because RMON agents must look at every frame on the network, they might cause performance problems on a managed device. The agent’s performance can be classified based on processing power and memory.

KEY POINT RMON1 works on the data link layer (with MAC addresses) and provides aggregate LAN traffic statistics and analysis for remote LAN segments.

RMON1 Groups

RMON agents gather nine groups of statistics, ten including Token Ring, which are forwarded to a manager on request, usually via SNMP. As summarized in Figure 2.4.4, RMON1 agents can implement some or all of the following groups:

■ Statistics: Contains statistics such as packets sent, bytes sent, broadcast packets, multicast packets, CRC errors, runts, giants, fragments, jabbers, collisions, and so forth, for each monitored interface on the device.

■ History: Used to store periodic statistical samples for later retrieval.

■ Alarm: Used to set specific thresholds for managed objects and to trigger an event on crossing the threshold (this requires an Events group).

■ Host: Contains statistics associated with each host discovered on the network.

■ Host Top N: Contains statistics for hosts that top a list ordered by one of their observed variables.

■ Matrix: Contains statistics for conversations between sets of two addresses, including the number of packets or bytes exchanged between two hosts.

■ Filters: Contains rules for data packet filters; data packets matched by these rules generate events or are stored locally in a Packet Capture group.

■ Packet Capture: Contains data packets that match rules set in the Filters group.

■ Events: Controls the generation and notification of events from this device.

■ TokenRing: Contains the following Token Ring Extensions:

• Ring Station—Detailed statistics on individual stations
• Ring Station Order—Ordered list of stations currently on the ring
• Ring Station Configuration—Configuration information and insertion/removal data on each station
• Source Routing—Statistics on source routing, such as hop counts

Figure: RMON1 Groups

RMON1 and RMON2

RMON1 only provides visibility into the data link and the physical layers; potential problems that occur at the higher layers still require other capture and decode tools. Because of RMON1’s limitations, RMON2 was developed to extend functionality to upper-layer protocols. As illustrated in, RMON2 provides full network visibility from the network layer through to the application layer.