Archives
  Columns
  Features
  Print Archives
1994-1998
  Special
  BYTE Digest
  Michael Abrash's Graphics Programming Black Book
  101 Perl Articles
  About Us
  How to Access BYTE.com
  Write to BYTE.com
  Advertise with BYTE.com

Newsletter
Free E-mail Newsletter from BYTE.com
 
    
  HOME   ABOUT US   ARCHIVES   CONTACT US   ADVERTISE   REGISTER
Visit the home page Browse the four-year online archive Download platform-neutral CPU/FPU benchmarks Find information for advertisers, authors, vendors, subscribers Request free information on products written about or advertised in BYTE Submit a press release, or scan recent announcements Talk with BYTE's staff and readers about products and technologies

ArticlesSimplifying Remote Management

June 1995 / Core Technologies / Simplifying Remote Management

Standards-based remote monitoring takes hold

Salvatore Salamone

Two trends--decentralization of organizations and the growing use of LANs--have created a challenge for network administrators. They find themselves responsible for keeping LANs in many remote locations up and running.

A big part of the problem is that many smaller sites cannot afford to have full-time technical staffers to handle problems. Even simple problems can be a pain. After all, you can't expect a person who has little experience with computers to attach a protocol analyzer, such as the full-function Network General Notebook Sniffer Analyzer, to the network and diagnose the problem on their own. (And that's not to disparage protocol-analyzer manufactu rers, who have been making their products easier for networking professionals to use.)

Recognizing that managers need to somehow see what's going on at distant locations, the IETF (Internet Engineering Task Force) has developed specifications for an RMon (remote monitoring) system that keeps tabs on the state of distant networks. RMon is an extension of the IETF's SNMP, which is commonly used to manage large networks. The idea behind RMon is to distribute, throughout a network, probes that collection information about the traffic on that network.

The difference between SNMP and RMon is that SNMP monitors and manages network devices like hubs and bridges, while RMon monitors LAN traffic. With RMon, some of the management intelligence is moved out onto the network, where RMon probes alert a centralized console whenever a threshold, such as number of packets, is exceeded.

In a typical use of RMon technology, one probe would be located on each LAN segment. The probe would monitor data transmi ssion on that segment and organize the information it collects into a format that makes it easy for a manager at a central site to analyze traffic patterns and diagnose problems at remote sites.

Because of these helpful features, RMon is taking off. Virtually all router and intelligent-hub vendors are offering RMon capabilities in their products or say they soon will. Other companies, such as Armon Networking, offer stand-alone RMon probes that connect directly to Ethernet or Token Ring LANs. Armon's product is called OnSite. And many protocol-analyzer vendors, such as Network General, are offering RMon probes.

While RMon has great potential to help network administrators better manage remote-site LANs, there is some confusion about what role an RMon probe plays in traditional network analysis and troubleshooting. The major point of confusion is a belief that RMon probes will obviate the need for traditional protocol analyzers.

That's simply not the case. In fact, most networks would do w ell to employ both RMon technology and protocol analyzers. The two perform complementary, not competing, functions. An analogy might help explain the difference between an RMon probe and a protocol analyzer. In general, it's the difference between knowing that the editor of BYTE got 50 letters and knowing what opinions were expressed by readers in those letters. Analogously, when deployed throughout a network, RMon can give a network manager good statistical and trend information about the number of packets passing over the network. A protocol analyzer is able to take a captured packet and decode all seven of its protocol layers.

Naturally, there's some overlap in the functions of an RMon probe and a protocol analyzer. For example, many protocol analyzers can perform trend analysis on the data they collect.

The way the two technologies can work to complement one another is to use RMon to baseline networks, study usage trends, and identify potential problems before they cause trouble for users. T his will help reduce the number of trips to remote sites that technicians must make to solve problems ( see the figure ).

And when a problem requires higher-level diagnostics to be performed, use a protocol analyzer. For example, a person could go to a troubled site with a laptop running Comtest's protocol analyzer, NM Elite. This Ethernet network analysis and testing tool includes an alarm and event log, as well as an expert system that helps diagnose common network problems. (NM Elite was the winner of BYTE's Best of CeBIT award in the connectivity software category.)

It's in the Details

The type of information an RMon probe might collect is how many packets and what size packets are transmitted on the LAN segment. It will also look at the number of packets broadcast and collisions. This information could be used to spot a defective adapter card, which is bombarding the LAN with bad packets causing poor performance.

RMon probes can also colle ct a trace of the traffic on the LAN segment over a period of time and pass this trace to a central site for analysis. This feature of an RMon probe can be used to study traffic patterns and perform trend analysis of the bandwidth demands of the users on that segment. One of the most important features of an RMon probe is that it can be used to send alerts and alarms to network management systems if a preset threshold of some network parameter has been exceeded (e.g., if collisions exceed a level that is considered the norm for a particular LAN segment).

The benefit of an RMon system is that it automatically collects information about the traffic on a LAN segment that is in a remote location. For a manager responsible for many LAN segments that are not all in the same location, that can be a great cost-saving benefit.

For example, without RMon, any problem called into a network troubleshooting center that cannot be solved over the phone requires a trip by a technician to the site. The cost impli cations of such an approach to network troubleshooting are high. First, there's the technician's time. Even if it takes him or her only 15 minutes to solve the problem, there's the round-trip travel time to consider. And that's a best-case scenario.

Whom should you send to the remote site when a network fails? It's hard to know whether a router or CSU/DSU (channel service unit/data service unit) has failed, or if there's trouble with the leased line.

Without being able to diagnose the problem remotely, a company may first send the wrong person to the site. This wastes that person's time and leaves the problem to be resolved. Adding to the cost of problems at remote sites is the fact that even if the right person goes to the site and solves the problem instantly, the people working there are stymied until the technician arrives. If it takes a technician 2 hours to get to a site, the people there must sit idly by for a quarter of the business day.

Using RMon can also help reduce the number of "emergency" trips to remote sites. By virtue of letting a manager preset performance threshold levels, he or she might be able to spot a problem in the making. This would let a manager take corrective action before the users on the network even notice that anything has happened.

For example, information gathered by an RMon probe might let a manager see that traffic on a LAN segment is increasing at a steady pace and is getting close to the maximum percentage bandwidth utilization that is acceptable before performance noticeably drops. Noting this trend, a manager can segment the LAN so that traffic on each new segment is well below the level where performance suffers.

In this way, the users never see any performance degradation. And a network manager does not receive a call in a few months (when traffic has greatly increased) from screaming users saying it's taking forever for their applications to run.

That's just an example of how RMon will make it easier to automatically collect inf ormation about the state of remote networks. This will let managers become more proactive when it comes to keeping their remote sites out of trouble. And with networks becoming increasingly decentralized, network managers will need all the help they can get.

WHERE TO FIND 


NM Elite......................$2500

(including SMC adapter card)
Comtest International
London, U.K.
+44 171 938 4591
fax: +44 171 938 1649
Blue Bell, PA
(800) 940-1710
(610) 940-1710
fax: (610) 825-7579


Notebook Sniffer Analyzer.....$9995

Network General
Menlo Park, CA
(800) 764-3329
(415) 473-2000
fax: (415) 321-0855


OnSite........................$1875

Armon Networking
Santa Barbara, CA
(800) 499-7666
(805) 965-0859
fax: (805) 965-5689

DEFINING RMON GROUPS 

The IETF specifications for remote monitoring define the following
nine feature groups.


Group           Purpose


Statistics      Collects and tracks information about collisions,
                data rate, and other network parameters.

History         Samples from gathered statistics to build a
                running history of network performance.

Alarm           Compares network parameters from Statistics
                Group to preset thresholds to help identify
                potential problems.

Event           Generates an alarm when a threshold is crossed.

Host            Keeps table of statistics for every MAC (media
                access control) address.

HostTopN        Prepares tables of hosts, sorted by the value of
                any statistical parameter gathered over a set
                period of time (e.g., the hub port through which
                the most number of packets have passed).

Matrix          Stores statistics.

Filter          Checks packets against manager-defined filters.

Packet Capture  Allows capture of only packe
ts that meet filtering
                criteria.

Typical RMon Scenario

illustration_link (20 Kbytes)

RMon probes distributed throughout a network collect traffic information that is called up on a central management station. Protocol analyzers are then attached to a LAN segment when more detailed packet analysis is needed.

Salvatore Salamone is a BYTE news editor based in New York. You can reach him on the Internet or BIX at ssalamone@bix.com .
Up to the Core Technologies section contentsGo to previous article: Adding Apple Events to Your Mac Application: Part 2SearchSend a comment on this articleSubscribe to BYTE or BYTE on CD-ROM  
Flexible C++
Matthew Wilson
My approach to software engineering is far more pragmatic than it is theoretical--and no language better exemplifies this than C++.

more...

BYTE Digest

BYTE Digest editors every month analyze and evaluate the best articles from Information Week, EE Times, Dr. Dobb's Journal, Network Computing, Sys Admin, and dozens of other CMP publications—bringing you critical news and information about wireless communication, computer security, software development, embedded systems, and more!

Find out more
BYTE.com Store

BYTE CD-ROM
NOW, on one CD-ROM, you can instantly access more than 8 years of BYTE.
 
The Best of BYTE Volume 1: Programming Languages
The Best of BYTE
Volume 1: Programming Languages
In this issue of Best of BYTE, we bring together some of the leading programming language designers and implementors...

Copyright © 2005 CMP Media LLC, Privacy Policy, Your California Privacy rights, Terms of Service
Site comments: webmaster@byte.com
SDMG Web Sites: BYTE.com, C/C++ Users Journal, Dr. Dobb's Journal, MSDN Magazine, New Architect, SD Expo, SD Magazine, Sys Admin, The Perl Journal, UnixReview.com, Windows Developer Network