www.networkbulls.com
RMON
RMON is a standard monitoring specification that enables network monitoring devices and console systems to exchange network monitoring data. RMON provides more information than SNMP, but more sophisticated data collection devices (network probes) are needed. RMON looks at MAC-layer data and provides aggregate information on the statistics and LAN traffic.
Enterprise networks deploy network probes on several network segments; these probes report back to the RMON console. RMON allows network statistics to be collected even if a failure occurs between the probe and the RMON console. RMON1 is defined by RFCs 1757 and 2819, and additions for RMON2 are defined by RFC 2021.
The RMON MIB is identified by iso.org.dod.internet.mgt.mib.rmon or by the equivalent object descriptor, 1.3.6.1.2.1.16. RMON1 defines nine monitoring groups; each group provides specific sets of data. One more group is defined for Token Ring. Each group is optional, so vendors do not need to support all the groups in the MIB. Table 16-2 shows the RMON1 groups.
RMON2
RMON1 is focused on the data link and physical layers of the OSI model. As shown in Figure 16-4, RMON2 provides an extension for monitoring upper-layer protocols.
NetFlow
Cisco's NetFlow allows the tracking of IP flows as they are passed through routers and multilayer switches. NetFlow information is forwarded to a network data analyzer, network planning tools, RMON applications, or accounting and billing applications. NetFlow allows for network planning, traffic engineering, billing, accounting, and application monitoring. NetFlow consists of three major components:
- Network accounting
- Flow collector engines
- Data analyzers
Routers and switches are the network accounting devices that gather the statistics. These devices aggregate data and export the information. Each unidirectional network flow is identified by both source and destination IP addresses and transport layer port numbers. NetFlow can also identify flows based on IP protocol number, type of service, and input interface.
The NetFlow export or transport mechanism sends the NetFlow data to a collection engine or network management collector. Flow collector engines perform data collection and filtering. They aggregate data from several devices and store the information. Different NetFlow data analyzers can be used based on the intended purpose. NetFlow data can be analyzed for performance and planning purposes, security monitoring, RMON monitoring, application monitoring, and billing and accounting.
NetFlow Compared to RMON
NetFlow lets you gather more statistical information than RMON with fewer resources. It provides more data, with date and time stamping. NetFlow has greater scalability and does not require network probes. It can be configured on individual layer 3 interfaces on routers and layer 3 switches. NetFlow provides detailed information on the following:
- Source and destination IP addresses
- Source and destination interface identifiers
- TCP/UDP source and destination port numbers
- Number of bytes and packets per flow
- IP type of service (ToS)
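The following added example (not from the original page or from Cisco) shows how the identifying fields listed above turn packet records into unidirectional flows with packet and byte counts, and how an analyzer can use those flows for security monitoring. The record layout, the `port_fan_out` check, and the sample packets are assumptions made for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

class FlowKey(NamedTuple):
    """Fields the text lists as identifying a unidirectional flow."""
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    protocol: int   # IP protocol number: 6 = TCP, 17 = UDP
    tos: int        # IP type of service
    input_if: str   # interface the packet arrived on

def build_flows(packets):
    """Aggregate (FlowKey, byte_count) packet records into {key: [packets, bytes]}."""
    flows = defaultdict(lambda: [0, 0])
    for key, size in packets:
        flows[key][0] += 1
        flows[key][1] += size
    return dict(flows)

def port_fan_out(flows, min_ports=4):
    """Return {(src, dst): sorted ports} where src reached >= min_ports ports on dst."""
    seen = defaultdict(set)
    for key in flows:
        seen[(key.src_ip, key.dst_ip)].add(key.dst_port)
    return {pair: sorted(p) for pair, p in seen.items() if len(p) >= min_ports}

def pkt(src, sport, dst, dport, size, in_if="Gi0/1", proto=6, tos=0):
    """Helper for the constructed sample records below."""
    return FlowKey(src, dst, sport, dport, proto, tos, in_if), size

# Constructed packet records (documentation address ranges, not real traffic).
SAMPLE = (
    [pkt("192.0.2.5", 40000, "198.51.100.20", 443, 600)] * 3        # client to server
    + [pkt("198.51.100.20", 443, "192.0.2.5", 40000, 1400, in_if="Gi0/2")] * 2  # replies
    + [pkt("192.0.2.9", 50000 + p, "198.51.100.20", p, 60) for p in (21, 22, 23, 25)]
)

if __name__ == "__main__":
    flows = build_flows(SAMPLE)
    for key, (n, size) in flows.items():
        print(f"{key.src_ip}:{key.src_port} -> {key.dst_ip}:{key.dst_port} "
              f"proto={key.protocol} if={key.input_if} packets={n} bytes={size}")
    print("fan-out:", port_fan_out(flows))
```

The two directions of the one conversation appear as separate flows because the key is unidirectional; the fan-out check flags only the source that touched four different ports on one host.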
CDP
CDP is a Cisco-proprietary protocol that can be used to discover Cisco network devices. CDP is media- and protocol-independent, so it works over LAN, Frame Relay, ATM, and other media. The requirement is that the media support Subnetwork Access Protocol (SNAP) encapsulation. CDP runs at the data link layer of the OSI model. CDP uses hello messages; packets are exchanged between neighbors, but CDP information is not forwarded.
Being protocol- and media-independent is CDP's biggest advantage over other network management technologies. CDP provides plenty of neighbor information, which is significant for network discovery. It is very useful for network discovery when SNMP community strings are unknown. The neighbor information includes the following:
- Device IP address: IP address of the neighbor
- Hold time: How long to hold the neighbor information
- Device capabilities: Type of device discovered: router, switch, transparent bridge, host, IGMP, repeater
- Version: IOS or switch OS version
- Platform: Router or switch model number
- Port ID: Interface of the neighboring device
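Network management devices can obtain CDP information for data gathering. Because CDP advertises the device's IP address, platform, and OS version to any neighbor on the link, it should be disabled on interfaces that face the Internet and other secure networks. CDP works only on Cisco devices.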
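One way to check a device configuration against the recommendation above is sketched in this added example (not from the original page). It relies on the IOS commands `no cdp run` (global) and `no cdp enable` (per interface); the configuration excerpt is constructed, and the list of untrusted interfaces is an assumption supplied by the operator.

```python
import re

def cdp_exposed(config_text, untrusted_ifs):
    """Return the interfaces in untrusted_ifs on which CDP is still enabled."""
    # 'no cdp run' in global configuration turns CDP off for the whole device.
    if re.search(r"^no cdp run\s*$", config_text, re.MULTILINE):
        return []
    current, disabled = None, set()
    for line in config_text.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
        elif not line.startswith(" "):      # '!' or a new top-level command
            current = None
        elif current and line.strip() == "no cdp enable":
            disabled.add(current)
    # CDP is on by default, so an interface without 'no cdp enable' counts as exposed.
    return [name for name in untrusted_ifs if name not in disabled]

# Constructed configuration excerpt (hypothetical device, documentation addresses).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
interface GigabitEthernet0/0
 description ISP uplink
 ip address 203.0.113.2 255.255.255.252
!
interface GigabitEthernet0/1
 description partner extranet
 ip address 198.51.100.1 255.255.255.0
 no cdp enable
!
interface GigabitEthernet0/2
 description internal LAN
 ip address 10.0.0.1 255.255.255.0
!
"""
# Assumption: the operator has classified these two interfaces as untrusted.
UNTRUSTED = ["GigabitEthernet0/0", "GigabitEthernet0/1"]

if __name__ == "__main__":
    print(cdp_exposed(SAMPLE_CONFIG, UNTRUSTED))
```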
Syslog
The syslog protocol is currently defined in RFC 3164. Syslog transmits event notification messages over the network. Network devices send the event messages to an event server for aggregation. Network devices include routers, servers, switches, firewalls, and network appliances. Syslog operates over UDP, so messages are not sequenced or acknowledged. The syslog messages are also stored on the device that generates the message and can be viewed locally.
Syslog messages are generated in many broad areas. These areas are called facilities. Cisco IOS has more than 500 facilities. Common facilities include the following:
- IP
- CDP
- OSPF
- TCP
- IPsec
- SYS operating system
- Security/authorization
- Spanning Tree Protocol (STP)
Each syslog message has a level. The syslog level determines the event's criticality. Lower syslog levels are more important. Table 16-4 lists the syslog levels.
| Syslog Level | Severity | Description |
|---|---|---|
| 0 | Emergency | System is unusable |
| 1 | Alert | Take action immediately |
| 2 | Critical | Critical conditions |
| 3 | Error | Error messages |
| 4 | Warning | Warning conditions |
| 5 | Notice | Normal but significant events |
| 6 | Informational | Informational messages |
| 7 | Debug | Debug level messages |
Common syslog messages are interface up and down events. Access lists can also be configured on routers and switches to generate syslog messages when a match occurs. Each syslog message includes a time stamp, level, and facility. Syslog messages have the following format:
mm/dd/yy:hh/mm/ss:FACILITY-LEVEL-mnemonic:description
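A parser for the message layout above, as an added example that is not part of the original page: it splits each line into time stamp, facility, level, mnemonic, and description, keeps messages at or above a chosen severity, and sets malformed lines aside instead of guessing. The character sets allowed for facility and mnemonic, the default threshold, and the sample lines are assumptions.

```python
import re
from datetime import datetime
from typing import NamedTuple, Optional

# Layout given in the text: mm/dd/yy:hh/mm/ss:FACILITY-LEVEL-mnemonic:description
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{2}:\d{2}/\d{2}/\d{2}):"
    r"(?P<facility>[A-Z][A-Z0-9_]*)-(?P<level>[0-7])-(?P<mnemonic>[A-Z0-9_]+):"
    r"(?P<description>.*)$")

class SyslogMessage(NamedTuple):
    timestamp: datetime
    facility: str
    level: int          # 0 (Emergency) .. 7 (Debug)
    mnemonic: str
    description: str

def parse_line(line: str) -> Optional[SyslogMessage]:
    """Parse one message; return None rather than guess at a malformed line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%m/%d/%y:%H/%M/%S")
    except ValueError:  # digits present but not a real date/time, e.g. minute 61
        return None
    return SyslogMessage(ts, m["facility"], int(m["level"]),
                         m["mnemonic"], m["description"].strip())

def triage(lines, max_level=4):
    """Return (messages at max_level or more severe, lines that failed to parse)."""
    kept, rejected = [], []
    for line in lines:
        msg = parse_line(line)
        if msg is None:
            rejected.append(line)
        elif msg.level <= max_level:  # lower level number = more important
            kept.append(msg)
    return kept, rejected

# Constructed sample lines in the layout above (not captured from a device).
SAMPLE = [
    "03/14/24:10/22/31:LINK-3-UPDOWN:Interface GigabitEthernet0/1, changed state to down",
    "03/14/24:10/22/35:SEC-6-IPACCESSLOGP:list 101 denied tcp 192.0.2.10(51515) -> 198.51.100.7(23), 1 packet",
    "03/14/24:10/61/00:LINK-3-UPDOWN:Interface GigabitEthernet0/2, changed state to up",
]

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```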