RMON is a major step forward in Internetwork management. It defines a remote monitoring MIB that supplements MIB-II and provides the network manager with vital information about the network. The remarkable feature of RMON is that while it is simply a specification of a MIB, with no changes in the underlying SNMP protocol, it provides a significant expansion in SNMP functionality.

With MIB-II, the network manager can obtain information that is purely local to individual devices. Consider a LAN with a number of devices on it, each with an SNMP agent. An SNMP manager can learn of the amount of traffic into and out of each device, but with MIB-II it cannot easily learn about the traffic on the LAN as a whole.

Network management in an internetworked environment typically requires one monitor per subnetwork.

The RMON standard originally designated as IETF RFC 1271, now RFC 1757, was designed to provide proactive monitoring and diagnostics for distributed LAN-based networks. Monitoring devices, called agents or probes, on critical network segments allow for user-defined alarms to be created and a wealth of vital statistics to be gathered by analyzing every frame on a segment.

The RMON standard divides monitoring functions into nine groups to support Ethernet topologies and adds a tenth group in RFC 1513 for Token Ring-unique parameters. The RMON standard was crafted to be deployed as a distributed computing architecture, where the agents and probes communicate with a central management station, a client, using Simple Network Management Protocol (SNMP). These agents have defined SNMP MIB structures for all nine or ten Ethernet or Token Ring RMON groups, allowing interoperability between vendors of RMON-based diagnostic tools. The RMON groups are defined as:

• Statistics group – Maintains utilization and error statistics for the subnetwork or segment being monitored. Examples are bandwidth utilization, broadcast, multicast, CRC alignment, fragments, and so on.
• History group – Holds periodic statistical samples from the statistics group and stores them for later retrieval. Examples are utilization, error count, and packet count.
• Alarm group – Allows the administrator to set a sampling interval and threshold for any item recorded by the agent. Examples are absolute or relative values and rising or falling thresholds.
• Host group – Defines the measurement of various types of traffic to and from hosts attached to the network. Examples are packets sent or received, bytes sent or received, errors, and broadcast and multicast packets.
• Host TopN group – Provides a report of TopN hosts based on host group statistics.
• Traffic matrix group – Stores errors and utilization statistics for pairs of communicating nodes of the network. Examples are errors, bytes, and packets.
• Filter group – A filter engine that generates a packet stream from frames that match the pattern specified by the user.
• Packet capture group – Defines how packets that match filter criteria are buffered internally.
• Event group – Allows the logging of events, also called generated traps, to the manager, together with time and date. Examples are customized reports based upon the type of alarm.

Interactive Media Activity Matching: RMON Matching Activity When the student has completed this activity, the student will be able to understand how RMON operates and its terms and definitions.

Web Links RMON http://www.cisco.com/en/US/tech/tk648/ tk362/tk560/tech_protocol_ home.html