RMON

The Remote Network Monitoring (RMON) MIB was developed by the IETF to support monitoring and protocol analysis of LANs. The original version (sometimes referred to as RMON1) focused on OSI layer 1 and layer 2 information in Ethernet and Token Ring networks. It has been extended by RMON2, which adds support for Network- and Application-layer monitoring, and by SMON, which adds support for switched networks. It is an industry-standard specification that provides much of the functionality offered by proprietary network analyzers. RMON agents are built into many high-end switches and routers.


Overview

Remote Monitoring (RMON) is a standard monitoring specification that enables various network monitors and console systems to exchange network-monitoring data. RMON provides network administrators with more freedom in selecting network-monitoring probes and consoles with features that meet their particular networking needs.

An RMON implementation typically operates in a client/server model. Monitoring devices (commonly called "probes" in this context) contain RMON software agents that collect information and analyze packets. These probes act as servers, and the network management applications that communicate with them act as clients. While both agent configuration and data collection use SNMP, RMON is designed to operate differently than other SNMP-based systems:

* Probes have more responsibility for data collection and processing, which reduces SNMP traffic and the processing load of the clients.
* Information is only transmitted to the management application when required, instead of through continuous polling and monitoring.

In short, RMON is designed for "flow-based" monitoring, while SNMP is often used for "device-based" management. RMON is similar to other flow-based monitoring technologies such as NetFlow and sFlow because the data collected deals mainly with traffic patterns rather than the status of individual devices.

One disadvantage of this system is that remote devices shoulder more of the management burden, and require more resources to do so. Some devices balance this trade-off by implementing only a subset of the RMON MIB groups (see below). A minimal RMON agent implementation could support only statistics, history, alarm, and event.

The RMON1 MIB consists of ten groups:

# Statistics: real-time LAN statistics, e.g. utilization, collisions, CRC errors
# History: history of selected statistics
# Alarm: definitions for RMON SNMP traps to be sent when statistics exceed defined thresholds
# Hosts: host-specific LAN statistics, e.g. bytes sent/received, frames sent/received
# Hosts top N: record of N most active connections over a given time period
# Matrix: the sent-received traffic matrix between systems
# Filter: defines packet data patterns of interest, e.g. MAC address or TCP port
# Capture: collect and forward packets matching the Filter
# Event: send alerts (SNMP traps) for the Alarm group
# Token Ring: extensions specific to Token Ring

The RMON2 MIB adds ten more groups:

# Protocol Directory: list of protocols the probe can monitor
# Protocol Distribution: traffic statistics for each protocol
# Address Map: maps network-layer (IP) to MAC-layer addresses
# Network-Layer Host: layer 3 traffic statistics, per host
# Network-Layer Matrix: layer 3 traffic statistics, per source/destination pair of hosts
# Application-Layer Host: traffic statistics by application protocol, per host
# Application-Layer Matrix: traffic statistics by application protocol, per source/destination pair of hosts
# User History: periodic samples of user-specified variables
# Probe Configuration: remote configuration of probes
# RMON Conformance: requirements for RMON2 MIB conformance
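
The Alarm and Event groups are where the probe-side processing described in this overview pays off: the probe compares each sample against a rising and a falling threshold and notifies the console only on a crossing. The Python model below is an added example, not part of the original article or of any RMON agent; it follows the rising/falling hysteresis and startup rule that RFC 2819 defines for alarm entries. The class and field names and the counter readings are constructed for illustration, and taking the delta modulo 2^32 to absorb a counter wrap is an assumption of this example.

```python
from dataclasses import dataclass
from typing import List, Optional

COUNTER32_MOD = 2 ** 32  # assumption: the sampled object is a 32-bit SNMP counter


@dataclass
class RmonAlarm:
    """One alarm entry evaluated locally on the probe (illustrative model)."""
    rising_threshold: int
    falling_threshold: int
    sample_type: str = "delta"        # "absolute" or "delta"
    startup: str = "risingOrFalling"  # "rising", "falling" or "risingOrFalling"
    _prev_raw: Optional[int] = None
    _prev_value: Optional[int] = None
    _last_event: Optional[str] = None

    def sample(self, raw: int) -> Optional[str]:
        """Feed one reading; return "rising", "falling" or None (no trap)."""
        if self.sample_type == "delta":
            prev_raw, self._prev_raw = self._prev_raw, raw
            if prev_raw is None:
                return None  # a delta needs two readings
            value = (raw - prev_raw) % COUNTER32_MOD  # tolerate counter wrap
        else:
            value = raw
        prev, self._prev_value = self._prev_value, value
        event = None
        if prev is None:  # first valid sample: the startup setting decides
            if value >= self.rising_threshold and self.startup != "falling":
                event = "rising"
            elif value <= self.falling_threshold and self.startup != "rising":
                event = "falling"
        # Later samples: fire only on a crossing, and never twice in a row in
        # the same direction until the opposite threshold has been reached.
        elif value >= self.rising_threshold > prev and self._last_event != "rising":
            event = "rising"
        elif value <= self.falling_threshold < prev and self._last_event != "falling":
            event = "falling"
        if event:
            self._last_event = event
        return event


def run(alarm: RmonAlarm, readings: List[int]) -> List[Optional[str]]:
    """Evaluate an alarm over a series of readings, one per sampling interval."""
    return [alarm.sample(r) for r in readings]


# Constructed readings of a CRC-error counter (deltas: 5, 75, 45, 60, 5, 2).
CRC_COUNTER = [100, 105, 180, 225, 285, 290, 292]

if __name__ == "__main__":
    print(run(RmonAlarm(rising_threshold=50, falling_threshold=10), CRC_COUNTER))
```

The delta of 60 in the fifth interval crosses the rising threshold again but raises no second event, because the value never reached the falling threshold in between; this is what keeps a statistic that hovers around a threshold from flooding the console with traps.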


Important RFCs

* RMON1: RFC 2819 - Remote Network Monitoring Management Information Base
* RMON2: RFC 4502 - Remote Network Monitoring Management Information Base Version 2 using SMIv2
* HCRMON: RFC 3273 - Remote Network Monitoring Management Information Base for High Capacity Networks
* SMON: RFC 2613 - Remote Network Monitoring MIB Extensions for Switched Networks
* Overview: RFC 3577 - Introduction to the RMON Family of MIB Modules


See also

* Network performance management
* Network tap


External links


RMON: Remote Monitoring MIBs

RAMON: open-source implementation of a RMON2 agent