Internet Draft Steve Waldbusser
R.G. Cole
AT&T
C. Kalbfleisch
Verio, Inc.
D. Romascanu
Avaya Inc.
1 November 2002
RMON Framework
<draft-ietf-rmonmib-framework-02.txt>
Status of this Memo
This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026 [RFC2026].
Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other groups
may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet- Drafts as reference material
or to cite them other than as "work in progress".
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Distribution of this document is unlimited. Please send comments to the
SMIng WG mailing list <sming@ops.ietf.org>.
Internet Draft RMON Framework November 1, 2002
1. Copyright Notice
Copyright (C) The Internet Society (2002). All Rights Reserved.
2. Abstract
The RMON Framework consists of a number of interrelated standards. This
memo describes these standards and how they relate to one another.
3. Table of Contents
Table of Contents
1 Copyright Notice ................................................ 2
2 Abstract ........................................................ 2
3 Table of Contents ............................................... 2
4 The SNMP Network Management Framework ........................... 2
5 Definition of RMON .............................................. 3
6 Goals of RMON ................................................... 4
7 RMON Standards .................................................. 6
7.1 RMON-1 ........................................................ 6
7.2 Token Ring Extensions to RMON MIB ............................. 7
7.3 The RMON-2 MIB ................................................ 9
7.4 RMON MIB Protocol Identifiers ................................. 10
7.5 Remote Network Monitoring MIB Extensions for Switched Net-
works ........................................................ 10
7.6 RMON MIB Extensions for Interface Parameters Monitoring ....... 11
7.7 RMON for High Capacity Networks ............................... 12
7.8 Application Performance Measurement MIB ....................... 12
7.9 Transport Performance Metrics MIB ............................. 13
7.10 Synthetic Sources for Performance Monitoring MIB ............. 14
8 RMON Framework Components ....................................... 15
8.1 MediaIndependent Table ........................................ 15
8.2 Protocol Directory ............................................ 15
8.3 Application Directory ......................................... 15
8.4 Data Source ................................................... 15
9 Relationship of APM, TPM, and SSPM MIBs ......................... 16
10 Acknowledgements ............................................... 18
11 Informative References ......................................... 18
12 Security Considerations ........................................ 21
13 Author's Address ............................................... 21
Expires May 1, 2003 [Page 2]
Internet Draft RMON Framework November 1, 2002
14 Full Copyright Statement ....................................... 23
4. The SNMP Network Management Framework
The SNMP Management Framework presently consists of five major
components:
o An overall architecture, described in RFC 2571 [RFC2571].
o Mechanisms for describing and naming objects and events for the
purpose of management. The first version of this Structure of
Management Information (SMI) is called SMIv1 and described in
RFC 1155 [RFC1155], RFC 1212 [RFC1212] and RFC 1215 [RFC1215].
The second version, called SMIv2, is described in RFC 2578
[RFC2578], RFC 2579 [RFC2579] and RFC 2580 [RFC2580].
o Message protocols for transferring management information. The
first version of the SNMP message protocol is called SNMPv1 and
described in RFC 1157 [RFC1157]. A second version of the SNMP
message protocol, which is not an Internet standards track
protocol, is called SNMPv2c and described in RFC 1901 [RFC1901]
and RFC 1906 [RFC1906]. The third version of the message
protocol is called SNMPv3 and described in RFC 1906 [RFC1906],
RFC 2572 [RFC2572] and RFC 2574 [RFC2574].
o Protocol operations for accessing management information. The
first set of protocol operations and associated PDU formats is
described in RFC 1157 [RFC1157]. A second set of protocol
operations and associated PDU formats is described in RFC 1905
[RFC1905].
o A set of fundamental applications described in RFC 2573
[RFC2573] and the view-based access control mechanism described
in RFC 2575 [RFC2575].
A more detailed introduction to the current SNMP Management Framework
can be found in RFC 2570 [RFC2570].
Managed objects are accessed via a virtual information store, termed
the Management Information Base or MIB. Objects in the MIB are
defined using the mechanisms defined in the SMI.
Expires May 1, 2003 [Page 3]
Internet Draft RMON Framework November 1, 2002
5. Definition of RMON
Remote network monitoring devices, often called monitors or probes, are
instruments that exist for the purpose of managing a network. Often
these remote probes are stand-alone devices and devote significant
internal resources for the sole purpose of managing a network. An
organization may employ many of these devices, one per network segment,
to manage its internet. In addition, these devices may be used for a
network management service provider to access a client network, often
geographically remote.
When the RMON standard was young, this device-oriented definition of
RMON was taken quite literally, as RMON devices were probes purpose-
built and dedicated to running the RMON MIBs. Soon, cards were
introduced that added RMON capability into a network hub, switch or
router. RMON also began to appear as a software capability that was
added to the software of certain network equipment, as well as software
applications that could run on servers or clients. Despite the variety
of these approaches, the RMON capability in each serves as a dedicated
network management resource available for activities ranging from long-
term data collection and analysis or for ad-hoc firefighting.
In the beginning, most, but not all, of RMON's capabilities were based
on the promiscuous capture of packets on a network segment or segments.
Over time, that mixture included more and more capabilities that didn't
depend on promiscuous packet capture. Today, some of the newest
standards added to the RMON framework allow multiple techniques of data
gathering, where promiscuous packet capture is just one of several
implementation options.
6. Goals of RMON
o Offline Operation
There are sometimes conditions when a management
station will not be in constant contact with its
remote monitoring devices. This is sometimes by
design in an attempt to lower communications costs
(especially when communicating over a WAN or
dialup link), or by accident as network failures
affect the communications between the management
station and the probe.
For this reason, this MIB allows a probe to be
configured to perform diagnostics and to collect
Expires May 1, 2003 [Page 4]
Internet Draft RMON Framework November 1, 2002
statistics continuously, even when communication with
the management station may not be possible or
efficient. The probe may then attempt to notify
the management station when an exceptional condition
occurs. Thus, even in circumstances where
communication between management station and probe is
not continuous, fault, performance, and configuration
information may be continuously accumulated and
communicated to the management station conveniently
and efficiently.
o Proactive Monitoring
Given the resources available on the monitor, it
is potentially helpful for it continuously to run
diagnostics and to log network performance. The
monitor is always available at the onset of any
failure. It can notify the management station of the
failure and can store historical statistical
information about the failure. This historical
information can be played back by the management
station in an attempt to perform further diagnosis
into the cause of the problem.
o Problem Detection and Reporting
The monitor can be configured to recognize
conditions, most notably error conditions, and
continuously to check for them. When one of these
conditions occurs, the event may be logged, and
management stations may be notified in a number of
ways.
o Value Added Data
Because a remote monitoring device represents a
network resource dedicated exclusively to network
management functions, and because it is located
directly on the monitored portion of the network, the
remote network monitoring device has the opportunity
to add significant value to the data it collects.
For instance, by highlighting those hosts on the
network that generate the most traffic or errors, the
probe can give the management station precisely the
information it needs to solve a class of problems.
o Multiple Managers
An organization may have multiple management stations
Expires May 1, 2003 [Page 5]
Internet Draft RMON Framework November 1, 2002
for different units of the organization, for different
functions (e.g. engineering and operations), and in an
attempt to provide disaster recovery. Because
environments with multiple management stations are
common, the remote network monitoring device has to
deal with more than own management station,
potentially using its resources concurrently.
7. RMON Standards
The RMON Framework includes a number of standards. Each standard that
makes up the RMON framework defines some new useful behavior (i.e. an
application) and managed objects that configure, control and montitor
that behavior. This section lists those standards and described the role
of each.
Figure 1 shows how many of the components of the RMON framework relate
to one another.
Network Application Diff. Monitoring Sorting
Topology Perf. Monitoring Svcs. Mon. Methods Methods
|<---------->| |<----------------->| |<-------->| |<------->| |<--->|
+------------+ +--------+ +--------+ +----------+ +----+ +---+ +---+ +---+
|Application | | APM | | TPM | | DSMON | | | | P | | S | | |
|Layer | | | | | | | | | | A | | S | | I |
+------------+ +--------+ +--------+ +----------+ | | | S | | P | | F |
| | | S | | M | | T |
+------------+ +----------------------------------+ | | I | | | | O |
| Network | | RMON2 | | V | | A | | P |
| Layer | | | | E | | C | | N |
+------------+ +---------------------------------------+ | | | T | | |
| M | | I | | |
+------------+ +----------+ +--------+ | O | | V | | |
| Data Link | | RMON1 | | SMON | | N | | E | | |
| Layer | | | | | | | | | | |
+------------+ +----------+ +--------+ +---+ +---+ +---+
Figure 1
7.1. RMON-1
The RMON-1 standard is focused at layer 2 and provides link-layer
statistics aggregated in a variety of ways. In addition, it provides
Expires May 1, 2003 [Page 6]
Internet Draft RMON Framework November 1, 2002
generation of alarms when thresholds are crossed as well as the ability
to filter and capture packet contents. The components of RMON-1 are:
The Ethernet Statistics Group
The ethernet statistics group contains statistics measured by the
probe for each monitored Ethernet interface on this device.
The History Control Group
The history control group controls the periodic statistical
sampling of data from various types of networks.
The Ethernet History Group
The ethernet history group records periodic statistical samples
from an ethernet network and stores them for later retrieval.
The Alarm Group
The alarm group periodically takes statistical samples from
variables in the probe and compares them to previously configured
thresholds. If the monitored variable crosses a threshold, an
event is generated. A hysteresis mechanism is implemented to
limit the generation of alarms.
The Host Group
The host group contains statistics associated with each host
discovered on the network. This group discovers hosts on the
network by keeping a list of source and destination MAC Addresses
seen in good packets promiscuously received from the network.
The HostTopN Group
The hostTopN group is used to prepare reports that describe the
hosts that top a list ordered by one of their statistics. The
available statistics are samples of one of their base statistics
over an interval specified by the management station. Thus, these
statistics are rate based. The management station also selects
how many such hosts are reported.
The Matrix Group
The matrix group stores statistics for conversations between sets
Expires May 1, 2003 [Page 7]
Internet Draft RMON Framework November 1, 2002
of two addresses. As the device detects a new conversation, it
creates a new entry in its tables.
The Filter Group
The filter group allows packets to be matched by a filter
equation. These matched packets form a data stream that may be
captured or may generate events.
The Packet Capture Group
The Packet Capture group allows packets to be captured after they
flow through a channel.
The Event Group
The event group controls the generation and notification of events
from this device.
7.2. Token Ring Extensions to RMON MIB
Some of the functions defined in the RMON-1 MIB were defined specific to
Ethernet media. In order to operate the functions on Token Ring Media,
new objects needed to be defined in the Token Ring Extensions to RMON
MIB. In addition, this MIB defines additional objects that provide
monitoring functions unique to Token Ring.
The components of the Token Ring Extensions to RMON MIB are:
The Token Ring Statistics Groups
The Token Ring statistics groups contain current utilization and
error statistics. The statistics are broken down into two groups,
the Token Ring Mac-Layer Statistics Group and the Token Ring
Promiscuous Statistics Group. The Token Ring Mac-Layer Statistics
Group collects information from Mac Layer, including error reports
for the ring and ring utilization of the Mac Layer. The Token
Ring Promiscuous Statistics Group collects utilization statistics
from data packets collected promiscuously.
The Token Ring History Groups
The Token Ring History Groups contain historical utilization and
error statistics. The statistics are broken down into two groups,
Expires May 1, 2003 [Page 8]
Internet Draft RMON Framework November 1, 2002
the Token Ring Mac-Layer History Group and the Token Ring
Promiscuous History Group. The Token Ring Mac-Layer History Group
collects information from Mac Layer, including error reports for
the ring and ring utilization of the Mac Layer. The Token Ring
Promiscuous History Group collects utilization statistics from
data packets collected promiscuously.
The Token Ring Ring Station Group
The Token Ring Ring Station Group contains statistics and status
information associated with each Token Ring station on the local
ring. In addition, this group provides status information for
each ring being monitored.
The Token Ring Ring Station Order Group
The Token Ring Ring Station Order Group provides the order of the
stations on monitored rings.
The Token Ring Ring Station Config Group
The Token Ring Ring Station Config Group manages token ring
stations through active means. Any station on a monitored ring
may be removed or have configuration information downloaded from
it.
The Token Ring Source Routing Group
The Token Ring Source Routing Group contains utilization
statistics derived from source routing information optionally
present in token ring packets.
7.3. The RMON-2 MIB
The RMON-2 MIB extends the architecture defined in RMON-1 primarily by
extending RMON analysis up to the application layer.
The components of the RMON-2 MIB are:
The Protocol Directory Group
Every RMON 2 implementation will have the capability to parse
certain types of packets and identify their protocol type at
multiple levels, The protocol directory presents an inventory of
Expires May 1, 2003 [Page 9]
Internet Draft RMON Framework November 1, 2002
those protocol types the probe is capable of monitoring, and
allows the addition, deletion, and configuration of protocol types
in this list.
Protocol Distribution Group
This function controls collection of packet and octet counts for
any or all of the protocols detected on a given interface. An NMS
can use this table to quickly determine bandwidth allocation
utilized by different protocols.
Address Mapping Group
This function lists MAC address to network address bindings
discovered by the probe and what interface they were last seen on.
Network Layer Host Group
This function counts the amount of traffic sent from and to each
network address discovered by the probe.
Network Layer Matrix Group
This function counts the amount of traffic sent between each pair
of network addresses discovered by the probe.
Application Layer Host Group
This function counts the amount of traffic, by protocol, sent from
and to each network address discovered by the probe.
Application Layer Matrix
This function counts the amount of traffic, by protocol, sent
between each pair of network addresses discovered by the probe.
User History
This function allows an NMS to request that certain variables on
the probe be periodically polled and for a time-series to be
stored of the polled values.
Probe Configuration
This group contains configuration objects that configure many
Expires May 1, 2003 [Page 10]
Internet Draft RMON Framework November 1, 2002
aspects of the probe including the software downloaded to the
probe, the out of band serial connection and the network
connection.
7.4. RMON MIB Protocol Identifiers
The RMON-2 MIB identifies protocols at any layer of the 7 layer
hierarchy with an identifier called a Protocol Identifier, or ProtocolID
for short.. ProtocolIDs also identify the particular configuration of
layering in use including any arbitrary encapsulations. The RMON MIB
Protocol Identifiers document is a companion document to the RMON-2 MIB
that defines a number of well-known protocols.
As the RMON Framwork has grown, other standards have been added to the
framework that utilize ProtocolIDs.
7.5. Remote Network Monitoring MIB Extensions for Switched Networks
Switches have become pervasive in today's networks as a form of
broadcast media. SMON provides RMON-like functions for the monitoring of
switched networks.
Switches today differ from standard shared media protocols because:
1) Data is not, in general, broadcast. This MAY be caused by the
switch architecture or by the connection-oriented nature of the
data. This means, therefore, that monitoring non-broadcast
traffic needs to be considered.
2) Monitoring the multiple entry and exit points from a switching
device requires a vast amount of resources - memory and CPU, and
aggregation of the data in logical packets of information,
determined by the application needs.
3) Switching incorporates logical segmentation such as Virtual LANs
(VLANs).
4) Switching incorporates packet prioritization.
5) Data across the switch fabric can be in the form of cells. Like
RMON, SMON is only concerned with the monitoring of packets.
Differences such as these make monitoring difficult. The SMON MIB
Expires May 1, 2003 [Page 11]
Internet Draft RMON Framework November 1, 2002
provides the following functions that help to manage switched networks:
smonVlanStats
This function provides traffic statistics per Virtual LAN for
802.1q VLANs.
smonPrioStats
This function provides traffic statistics per priority level for
802.1q VLANS.
dataSourceCaps
This function identifies all supported data sources on an SMON
device. An NMS MAY use this table to discover the RMON and Copy
Port attributes of each data source.
portCopyConfig
Many network switches provide the capability to make a copy of
traffic seen on one port and send it out another port for
management purposes. This occurs in addition to any copying
performed during the normal forwarding behavior of the switch.
The portCopyConfig function provides control of the port copy
functionality in a device.
7.6. RMON MIB Extensions for Interface Parameters Monitoring
Many network switches contain hundreds of ports, many with only one
attached device. A common operation when managing such a switch is to
sort the interfaces by one of the parameters (e.g. to the find the most
highly utilized interface). If the switch contains many interfaces it
can be expensive and time consuming to download information for all
interfaces to sort it on the NMS. Instead, the ifTopN MIB allows the
sorting to occur on the switch and for only the top interfaces to be
downloaded.
7.7. RMON Extensions for Differentiated Services (DSMON MIB)
This MIB defines extensions of RMON for monitoring the traffic usage of
Differentiated Services [RFC2474] codepoint values. The 6-bit DiffServ
Expires May 1, 2003 [Page 12]
Internet Draft RMON Framework November 1, 2002
codepoint portion (DSCP) of the Type of Service (TOS) octet in the IP
header provides for 64 different packet treatments for the
implementation of differentiated network devices. DSMON-capable RMON
probes collect and aggregate statistics based on the inspection of the
DSCP value in monitored packets.
The DSMON MIB defines a DSCP counter aggregation mechanism to reduce the
total number of counters by configuring the agent to internally
aggregate counters based on the DSCP value. This mechanism is designed
to overcome the agent data collection limitation, performs data
reduction at the agent and applications level, and optimizes the
application for cases when some codepoint values are not used, or lead
to similar packet treatment in the monitored network domain.
The components of the DSMON MIB are:
The Aggregate Control Group
The aggregate Control Group enables the configuration of the
counter aggregation groups.
The DSMON Statistics Group
The DSMON Statistics Group contains per counter aggregation group
distribution statistics for a particular RMON data source.
The DSMON Protocol Distribution Group
The DSMON Protocol Distribution Group reports per counter
aggregation distribution statistics for each application protocol
detected on a particular RMON data source.
The DSMON Host Group
The DSMON Host Group contains host address distribution statistics
for each counter aggregation group, detected on a particular RMON
data source.
The DSMON Capabilities Group
The DSMON Capabilities Group reports the DSMON MIB functional
capabilities of the agent implementation.
The DSMON Matrix Group
Expires May 1, 2003 [Page 13]
Internet Draft RMON Framework November 1, 2002
The DSMON Matrix Group contains host address pair distribution
statistics for each counter aggregation group, detected on a
particular RMON data source.
7.8. RMON for High Capacity Networks
This MIB defines extensions to RMON for use on high capacity networks.
Except for the mediaIndependentTable, each of the tables in this MIB
adds high capacity capability to an associated table in the RMON-1 MIB
or RMON-2 MIB.
The mediaIndependentTable provides media independent utilization and
error statistics for full-duplex and half-duplex media. Prior to the
existence of the HCRMON MIB, a new table needed to be created for RMON
monitoring of each data-link layer media. These tables included many
statistical attributes of the media including packet and octet counters
that are independent of the media type. This wasn't optimal because
there was no way to monitor media types for which a media-specific table
had not been defined. Further, there were no common objects to monitor
media-independent attributes between media types.
In the future, for media other than ethernet and token ring, the
mediaIndependentTable will be the source for media-independent
statistics. Additional media-specific tables may be created to provide
attributes unique to particular media such as error counters.
The HC-RMON MIB contains a number of groups that each extend a group in
the original RMON-1 and RMON-2 MIBs. In addition, the
mediaIndependentGroup contains objects that allow media independent
monitoring.
7.9. Application Performance Measurement MIB
The APM MIB provides analysis of application performance as experienced
by end-users.
Application performance measurement measures the quality of service
delivered to end-users by applications. With this perspective, a true
end-to-end view of the IT infrastructure results, combining the
performance of the application, desktop, network, and server, as well as
any positive or negative interactions between these components.
Expires May 1, 2003 [Page 14]
Internet Draft RMON Framework November 1, 2002
Despite all the technically sophisticated ways in which networking and
system resources can be measured, human end-users perceive only two
things about an application: availability and responsiveness.
Availability - The percentage of the time that the application is
ready to give a user service.
Responsiveness - The speed at which the application delivers the
requested service.
The APM MIB includes the following functions:
The APM Application Directory Group
The APM Application Directory group contains configuration objects
for every application or application verb monitored on this
system.
The APM User Defined Applications Group
The APM User Defined Applications Group contains objects that
allow for the tracking of applications or application verbs that
aren't registered in the protocolDirectoryTable.
The APM Report Group
The APM Report Group is used to prepare regular reports that
aggregate application performance by flow, by client, by server,
or by application.
The APM Transaction Group
The APM Transaction Group is used to show transactions that are
currently in progress and ones that have ended recently, along
with their responsiveness metric.
Because many transactions last a very short time, they will exist
in this table for a very short time. Thus, polling this table is
not an effective mechanism for retrieving all transactions.
This table is designed to allow a management station to check on
the status of long-lived transactions. Because the apmReport and
apmException mechanisms act only on transactions that have
finished, a network manager may not have visibility for some time
into the performance of long-lived transactions such as streaming
Expires May 1, 2003 [Page 15]
Internet Draft RMON Framework November 1, 2002
applications, large data transfers, or (very) poorly performing
transactions. In fact, by their very definition, the apmReport and
apmException mechanisms only provide visibility into a problem
after nothing can be done about it. The apmTransactionTable
provides visibility into transactions that are currently executing
and will allow a management station to find status of long-lived
transactions.
The APM Exception Group
The APM Exception Group is used to generate immediate
notifications of transactions that cross certain thresholds. The
apmExceptionTable is used to configure which thresholds are to be
checked for which types of transactions. The
apmTransactionResponsivenessAlarm notification is sent when a
transaction occurs with a responsiveness that crosses a threshold.
The apmTransactionUnsuccessfulAlarm notification is sent when a
transaction fails for which exception checking was configured.
The APM Notification Group
The APM Notification Group contains 2 notifications that are sent
when thresholds in the APM Exception Table are exceeded.
7.10. RMON MIB Protocol Identifier Reference Extensions
The protocol identifier defined in RMON2 [RFC2021] can identify any
protocol at any layer and its encapsulation. The protocol identifier
macro document [RFC2896] defines a convenient human readable and machine
parseable format for documenting well-known protocols.
For the most part the protocol identifiers used by RMON2 implementations
have described protocols at any layer including the application layer
but haven't gone any deeper into the application. In order to
differentiate an application's behavior while performing different tasks
(logging in vs. downloading, for example) it is important to have a
separate protocol identifier for each application "verb". The macro
defined in [RFC2896] is inconvenient for defining application verbs
because it assumes that most protocols are identified by an integer type
field and many or most applications use other means for identifying
verbs, including character strings.
These extensions define another macro for defining application verbs
that are children of an application. The parent application can be
Expires May 1, 2003 [Page 16]
Internet Draft RMON Framework November 1, 2002
defined with the original protocol identifier macro and the application
verbs are defined with the new macro.
7.11. Transport Performance Metrics MIB
The TPM MIB monitors selectable performance metrics and statistics
derived from the monitoring of network packets and sub-application level
transactions. The metrics are defined through reference to existing
IETF, ITU and other standards organizations' documents. The monitoring
covers both passive and active traffic generation sources.
The TPM MIB includes the following functions:
The tpmCapabilities Group
The tpmCapabilitiesGroup contains objects and tables which show
the measurement protocol and metric capabilities of the agent.
The tpmAggregateReports Group
The tpmAggregateReportsGroup is used to provide the collection of
aggregated statistical measurements for the configured report
intervals.
The tpmCurrentReports Group
The tpmCurrentReportsGroup is used to provide the collection of
uncompleted measurements for the current configured report for
those transactions caught in progress. A history of these
transactions is also maintained once the current transaction has
completed.
The tpmExceptionReports Group
The tpmExceptionReportsGroup is used to link immediate
notifications of transactions that exceed certain thresholds
defined in the apmExceptionGroup [APM]. This group reports the
aggregated sub-application measurements for those applications
exceeding thresholds.
Expires May 1, 2003 [Page 17]
Internet Draft RMON Framework November 1, 2002
7.12. Synthetic Sources for Performance Monitoring MIB
The Synthetic Sources for Performance Monitoring MIB [SSPM] covers the
artificial generation of a) application-level, b) transport-level, and
c) link-level traffic for the purpose of monitoring system performance.
There are situations where it is useful to be able to control the
generation of synthetic traffic when evaluating system performance.
There are other situations where system performance evaluation can rely
upon naturally generated application-level traffic, in which case one
needs only monitor existing traffic and not instrument synthetic
traffic. The SSPM MIB provides the ability to configure and control the
generation of this synthetic traffic.
7.13. RMON MIB Extensions for High Capacity Alarms
There is a need for a standardized way of providing the same type of
alarm thresholding capabilities for Counter64 objects, as already exists
for Counter32 objects. The RMON-1 alarmTable objects and RMON-1
notification types are specific to 32-bit objects, and cannot be used to
properly monitor Counter64-based objects. Extensions to these existing
constructs are needed which explicitly support Counter64-based objects.
These extensions are completely independent of the existing RMON-1 alarm
mechanisms.
This MIB contains 3 functions:
The hcAlarmControlObjects group
Controls the configuration of alarms for high capacity MIB object
instances.
The hcAlarmCapabilities group
Describes the high capacity alarm capabilities provided by the
agent.
The hcAlarmNotifications group
Provide new rising and falling threshold notifications for high
capacity objects.
Expires May 1, 2003 [Page 18]
Internet Draft RMON Framework November 1, 2002
8. RMON Framework Components
The collection of standards in the RMON Framework are associated by 1. A
common purpose and similar collection methodologies; and, 2. Use of
common infrastrure components
These common infrastructure components are:
- MediaIndependent Table
- Protocol Directory
- appDirectory
- DataSource
- Capabilities
8.1. MediaIndependent Table
While many ata-link media types exist and they each have unique
features, there are many statistics that are common across most media.
For example, counts of packets and octets are interesting for most
media. The media independent table contains the most common such
statistics and forms a super class from which specific interface types
are inherited. This means that the common statistics can be monitored
even for media types that are unknown.
For example, if the mediaindependentTable had existed prior to the
definition of the etherStatsTable, the etherStatsTable could have
ommitted the etherStatsDropEvents, etherStatsOctets, etherStatsPkts.
The Media Independent Table is defined in the High Capacity RMON MIB
[RFC3287].
8.2. Protocol Directory
The second of the RMON infrastructure components is the Protocol
Directory Group defined in the RMON2 MIB [RFC2021]. The main
objective of RMON2 was to extend the remote network monitoring agents
capabilities beyond link layer to higher level protocol monitoring.
This required a means to globally identify individual protocol
encapsulations. This capability is provided by the Protocol
Directory Group and specifically the protocolDirID found in the
protocolDirTable in the RMON2 MIB.
The Protocol Directory allows the agent to provide an inventory of
the protocols that the agent can decode, count, categorize and time.
Expires May 1, 2003 [Page 19]
Internet Draft RMON Framework November 1, 2002
The directory and its objects are designed to allow for the addition,
deletion and configuration of the protocol encapsulations in the
directory list. The Protocol Directory Group consists of the
protocolDirLastChange object and the protocolDirTable. The key
element in the protocolDirTable is the protocolDirID. The
protocolDirID is a hierarchically formatted OCTET STRING to globally
identify individual protocol encapsulations. A protocol descriptor
macro has been defined in RFC 2895 [RFC2895] to describe the various
protocol layers supported in the protocolDirID protocol hierarchy.
The protocolDirID is defined as a tree built up from successive
protocol encapsulations. Each layer is identified by 4 octet sub-
identifiers constructed from the protocol identifier fields at the
various layers of the encapsulation. The number of layers (actually
the number of octets in the total encapsulation string) in the
specific encapsulation is identified by a 1 octet count field
prepending the string of protocol sub-identifiers.
Associated with each protocol layer in the protocolDirID is a 1 octet
parameter field. The collection of these protocol parameters is
referred to as the protocolDirParameters. These 1 octet parameters
identify the agents capability to count fragmented packets correctly
and to track sessions for port mapped protocols, e.g., TFTP. A 1
octet count of the number of octets in the protocolDirParameters is
prepended to the protocolDirParameters.
The protocolDirTable index is comprised of the protocolDirID, the
protocolDirParameters and their associated length fields. The index
format is shown in Figure 2.
+---+--------------------------+---+---------------+
| c ! | c ! protocolDir |
| n ! protocolDirID | n ! Parameters |
| t ! | t ! |
+---+--------------------------+---+---------------+
Figure 2: the protocolDirTable INDEX format.
An example protocolDirTable INDEX for SNMP over UDP over IP over
Ethernet is:
16.0.0.0.1.0.0.8.0.0.0.0.17.0.0.0.161.4.0.0.0.0
Expires May 1, 2003 [Page 20]
Internet Draft RMON Framework November 1, 2002
| | | | | | | |
+--+-------+-------+--------+---------+-+-------+
c ether2 ip udp snmp c param.
c = 1 octet count field
Figure 3: A protocolDirTable INDEX example for
SNMP over UDP over IP over Ethernet.
The set of defined protocol layers currently described is found in
RFC2896 [RFC2896]. RFC2895 [RFC2895] defines a process for
suggesting new protocols to add to the currently defined set. If
accepted, then RFC2896 would be updated to reflect these additions.
In fact, RFC2896 is the second version of the defined protocol
macros, obsoleting RFC2074 [RFC2074]. RFC2895 also defines how to
handle protocols that do not map into this well defined tree
hierarchy built up from encapsulation protocol identifiers. An
example of such a protocol encapsulation is RTP which is mapped to
specific UDP ports through a separate signalling mechanism. These
are handled by the ianaAssigned protocols, as described in RFC2895.
The protocolDirTable is defined (and used) in the RMON2 MIB
[RFC2021], and is being used in other RMONMIB WG MIBs as well as
other IETF defined MIBs. Examples include the APM MIB, the TPM MIB
and the SSPM MIB [KAL2002].
As mentioned in previous sections, the protocolDirID is recently
being extended in two ways. First, work is underway on a new set of
protocol descriptor macros which extend the protocol encapsulation
model to application layer verbs [BIE2002]. This extension was
motivated by the work on the APM MIB [WAL2002] and the TPM MIB
[DIE2002]. Second, the APM MIB [WAL2002] defines the
apmAppDirectoryTable which provides a directory of applications that
the agent can process. This is discussed further in the following
section. Combined, these extensions allow:
+ The APM MIB to define and monitor end-user's view of application
performance.
+ The TPM MIB to clearly specify the sub-transactions that
comprise the application it monitors through the
tpmTransMetricDirTable.
Expires May 1, 2003 [Page 21]
Internet Draft RMON Framework November 1, 2002
+ The SSPM MIB [KAL2002] to generate synthetic application
transactions by importing the appLocalIndex from the APM MIB.
8.3. Application Directory and appLocalIndex
APM, TPM and related applications collect certain types of statistics
for each application or application verb they are decoding. Some
applications and application verbs are defined in the protocol directory
and thus get their own protocolID and a corresponding
protocolDirLocalIndex. Other application verbs are defined more
dynamically by entries in the apmHttpFilterTable or
apmUserDefinedAppTable. These dynamically defined applications don't
have protocolDirID's assigned to them
The APM MIB defines an important index called the appLocalIndex. For all
application monitoring in the APM and TPM MIBs, applications are
identified by integer values of the appLocalIndex. However, there is no
single registry of applications (as there is for protocols) because
there are a few different mechanisms through which an application may be
registered. For each value of appLocalIndex, a corresponding entry will
exist in one of several tables:
1. The protocolDirTable - Some values of appLocalIndex
correspond to protocolDirLocalIndex values assigned in the
protocolDirTable. Each of these correspond to a protocol defined
by a protocolID.
2. The apmHttpFilterTable - Some values of appLocalIndex correspond
to apmHttpFilterAppLocalindex values assigned in the
apmHttpFilterTable. Each of these correspond to an application
verb defined as a set of HTTP transactions that match a set of
filters.
3. The apmUserDefinedAppTable - Some values of appLocalIndex
correspond to index values of the apmUserDefinedAppTable. Each
of them correspond to an application or application verb defined
in a user-defined way.
Each value of appLocalIndex will only be registered in one of these
tables. In effect, the appLocalIndex number space is the union of these
number spaces, where these tables must work together to avoid assigning
overlapping (duplicate) appLocalIndexes.
Each unique appLocalIndex value is also registered in the
Expires May 1, 2003 [Page 22]
Internet Draft RMON Framework November 1, 2002
apmAppDirectoryTable where a number of attributes of the application may
be configured.
8.4. Data Source
Most RMON functions use a DataSource as a pointer to the entity from
which data is to be collected. The DataSource is an object identifier
which identifies one of three types of data sources:
ifIndex.<I>
Traditional RMON dataSources. Called 'port-based' for ifType.<I>
not equal to 'propVirtual(53)'. <I> is the ifIndex value (see
[22]).
smonVlanDataSource.<V>
A dataSource of this form refers to a 'Packet-based VLAN' and is
called a 'VLAN-based' dataSource. <V> is the VLAN ID as defined by
the IEEE 802.1Q standard [19]. The value is between 1 and 4094
inclusive, and it represents an 802.1Q VLAN-ID with global scope
within a given bridged domain, as defined by [19].
entPhysicalEntry.<N>
A dataSource of this form refers to a physical entity within the
agent and is called an 'entity-based' dataSource. <N> is the value
of the entPhysicalIndex in the entPhysicalTable (see [18]).
8.5. Capabilities
Probe Capabilities objects have been introduced in the RMON MIBs with
the goal of helping applications determine the capabilities of the
different probes in the domain. These objects use a BITS syntax (with
the exception of some of the objects in the TPM and SSPM MIBs), and list
in an explicit manner the MIB groups supported by the probe, as well as
functional capabilities of the specific RMON agents. By reading the
values of these objects it is possible for applications to apply the
relevant RMON functions without going through a trial-and-error process
that can result in loss of time and bandwidth in the operational flow.
These objects have the MAX-ACCESS of read-only, which defines their use
as an indication of what is supported by a probe, and not a means to
Expires May 1, 2003 [Page 23]
Internet Draft RMON Framework November 1, 2002
configure the probe for operational modes. An RMON agent SHOULD initiate
the capabilities objects at agent initialization and SHOULD NOT modify
the objects during operation.
The probeCapabilities object in the RMON2 MIB describes the capabilities
of probes that support RMON, Token-Ring RMON and RMON2.
The smonCapabilities object in the SMON MIB describes the generic
capabilities of probes that support the SMON MIB.
The dataSourceCapsTable in the SMON MIB defines the capabilities of the
SMON data sources on probes that support the RMON MIB.
The interfaceTopNCaps object in the Interface TopN MIB defines the
sorting capabilities supported by an agent that supports the Interface
TopN MIB.
The dsmonCapabilities object in the DSMON MIB provides an indication of
the DSMON groups supported by an agent that supports the DSMON MIB.
The tpmCapabilitiesGroup contains objects and tables, which show the
measurement protocol and metric capabilities of an agent that supports
the TPM MIB.
The sspmCapabilitiesTable indicates whether SSPM configuration of the
corresponding AppLocalIndex is supported by a device supporting the SSPM
MIB.
The hcAlarmCapabilities object provides an indication of the high
capacity alarm capabilities supported by an agent that supports the HC-
Alarm MIB.
Expires May 1, 2003 [Page 24]
Internet Draft RMON Framework November 1, 2002
9. Relationship of APM, TPM, and SSPM MIBs
Figure 4 below shows an overiew of the components of the performance
monitoring system. On the far left of the diagram are the "Traffic
Generation Control" and the "Traffic Generation Instrumentation". In
the middle of the diagram is "Monitoring Metrics Control" and Monitoring
Metrics Instrumentation". In the far right of the diagram is "Data
Reduction Control" and "Data Reduction Instrumentation" leading up to
"Reports" at the bottom right of the figure. The RMON standards address
the "Control-Level" in this diagram and some aspects of the
"Synchronization Control-Level". The underlying "Instrumentation-Level"
is implementation dependent and outside the domain of the RMONMIB
specifications.
+----------------+
+-------------| Application |-------------+
| +----------------+ |
| | |
+--------------------------------+ |
| Synchronization Control | |
+--------------------------------+ |
| | |
V V V
+------------------+ +------------------+ +--------------+
|Traffic Generation| |Monitoring Metrics| |Data Reduction|
| Control | | Control | | Control |
+------------------+ +------------------+ +--------------+
| ^ | ^ | ^
| | | | | |
V | V | V |
+------------------+ +------------------+ +---------------+
|Traffic Generation| |Monitoring Metrics| |Data Reduction |
| Instrumentation| | Instrumentation| +-->|Instrumentation|
+------------------+ +------------------+ | +---------------+
| |
| |
Various levels | |
and span +-----------|
|
|
V
Reports
Expires May 1, 2003 [Page 25]
Internet Draft RMON Framework November 1, 2002
Figure 4: A performance monitoring system
It is the responsibility of the network management application to
coordinate the individual aspects of the performance management
system.
Within the APM, TPM, and SSPM set of RMONMIB MIBs:
+ APMMIB [2] is responsible for the aspects of the "Monitoring
Metrics Control" directly related to the end-user's perceived
application-level performance. The APMMIB also handles aspects of
"Data Reduction Control" and "Reports". Finally, when TPMMIB
relies upon the control tables in the APMMIB for its own control,
then APMMIB is providing some aspects of "Synchronization Control"
of the reports from these two MIBs.
+ TPMMIB [3] is responsible for the aspects of the "Monitoring
Metrics Control". TPMMIB also handles aspects of "Data Reduction
Control" and "Reports" related to sub-application-level
transactions. Synchronization control with APMMIB is provided by
opting to rely on the APMMIB control tables within the TPMMIB.
+ SSPMMIB [1] is responsible for the "Traffic Generation Control"
in the event that synthetic traffic is to be monitored. The
other, most common, option is to monitor natural, user-generated
traffic.
The "Monitor Metrics Control" is essentially hard-coded in the
APMMIB. Within the TPMMIB, a metrics table is used to identify the
metrics monitored within a specific implementation of te TPMMIB. The
"Data Reduction Control" is essentially hard-coded within the MIB
structure of the APMMIB and the TPMMIB. These MIBs strictly specify
the statistics to be reported within a set of reports tables.
Both the TPMMIB and the SSPMMIB rely upon the APMMIB's appLocalIndex
to specify the application being monitored or generated. The APMMIB
provides the end-user view of the application performance, e.g., the
Whois transaction time. The TPMMIB, through its
tpmTransMetricDirTable, identifies a set of sub-application level
transactions and their metrics which are associated with the
application. E.g, an implementation of the TPMMIB could report the
DNS lookup time, the TCP connect time (to the Whois Server), the
Whois Req/Resp download time. The SSPMMIB could be configured to
Expires May 1, 2003 [Page 26]
Internet Draft RMON Framework November 1, 2002
generate synthetically, these Whois transactions.
The testing model then is to first configure the traffic generation
instrumentation through the SSPMMIB control function. This defines
aspects of the synthetic traffic such as application type, targets,
etc. Once the traffic generation is configured, the network
management application can setup the monitoring instrumentation
through the APMMIB and TPMMIB. These control the reporting periods,
the type of data aggregation, etc. Once the tests are complete, the
network management application retrieves the reports from the
monitoring metrics control MIBs, e.g., APMMIB and TPMMIB.
10. Acknowledgements
This memo is a product of the RMON MIB working group.
11. Informative References
[RFC1905]
SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S.
Waldbusser, "Protocol Operations for Version 2 of the Simple
Network Management Protocol (SNMPv2)", RFC 1905, SNMP Research,
Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc.,
International Network Services, January 1996.
[RFC1906]
SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S.
Waldbusser, "Transport Mappings for Version 2 of the Simple Network
Management Protocol (SNMPv2)", RFC 1906, SNMP Research, Inc., Cisco
Systems, Inc., Dover Beach Consulting, Inc., International Network
Services, January 1996.
[RFC2026]
Bradner, S., "The Internet Standards Process -- Revision 3", RFC
2026, Harvard University, October, 1996.
[RFC2119]
S. Bradner, "Key words for use in RFCs to Indicate Requirement
Levels" RFC 2119, Harvard University, March 1997.
[RFC2571]
Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for
Describing SNMP Management Frameworks", RFC 2571, Cabletron
Systems, Inc., BMC Software, Inc., IBM T. J. Watson Research, April
Expires May 1, 2003 [Page 27]
Internet Draft RMON Framework November 1, 2002
1999.
[RFC2572]
Case, J., Harrington D., Presuhn R., and B. Wijnen, "Message
Processing and Dispatching for the Simple Network Management
Protocol (SNMP)", RFC 2572, SNMP Research, Inc., Cabletron Systems,
Inc., BMC Software, Inc., IBM T. J. Watson Research, April 1999.
[RFC2573]
Levi, D., Meyer, P., and B. Stewart, "SNMPv3 Applications", RFC
2573, SNMP Research, Inc., Secure Computing Corporation, Cisco
Systems, April 1999.
[RFC2574]
Blumenthal, U., and B. Wijnen, "User-based Security Model (USM) for
version 3 of the Simple Network Management Protocol (SNMPv3)", RFC
2574, IBM T. J. Watson Research, April 1999.
[RFC2575]
Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based Access
Control Model (VACM) for the Simple Network Management Protocol
(SNMP)", RFC 2575, IBM T. J. Watson Research, BMC Software, Inc.,
Cisco Systems, Inc., April 1999.
[RFC2578]
McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M.,
and S. Waldbusser, "Structure of Management Information Version 2
(SMIv2)", RFC 2578, STD 58, Cisco Systems, SNMPinfo, TU
Braunschweig, SNMP Research, First Virtual Holdings, International
Network Services, April 1999.
[RFC2579]
McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M.,
and S. Waldbusser, "Textual Conventions for SMIv2", RFC 2579, STD
58, Cisco Systems, SNMPinfo, TU Braunschweig, SNMP Research, First
Virtual Holdings, International Network Services, April 1999.
[RFC2580]
McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M.,
and S. Waldbusser, "Conformance Statements for SMIv2", RFC 2580,
STD 58, Cisco Systems, SNMPinfo, TU Braunschweig, SNMP Research,
First Virtual Holdings, International Network Services, April 1999.
[RFC1155]
Rose, M., and K. McCloghrie, "Structure and Identification of
Expires May 1, 2003 [Page 28]
Internet Draft RMON Framework November 1, 2002
Management Information for TCP/IP-based Internets", RFC 1155,
Performance Systems International, Hughes LAN Systems, May 1990.
[RFC1157]
Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple Network
Management Protocol", RFC 1157, SNMP Research, Performance Systems
International, Performance Systems International, MIT Laboratory
for Computer Science, May 1990.
[RFC1212]
Rose, M., and K. McCloghrie, "Concise MIB Definitions", RFC 1212,
Performance Systems International, Hughes LAN Systems, March 1991.
[RFC1215]
M. Rose, "A Convention for Defining Traps for use with the SNMP",
RFC 1215, Performance Systems International, March 1991.
[RFC1901]
SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S.
Waldbusser, "Introduction to Community-based SNMPv2", RFC 1901,
SNMP Research, Inc., Cisco Systems, Inc., Dover Beach Consulting,
Inc., International Network Services, January 1996.
[RFC1907]
SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S.
Waldbusser, "Management Information Base for Version 2 of the
Simple Network Management Protocol (SNMPv2)", RFC 1907, SNMP
Research, Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc.,
International Network Services, January 1996.
[RFC2570]
Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction to
Version 3 of the Internet-standard Network Management Framework",
RFC 2570, SNMP Research, Inc., TIS Labs at Network Associates,
Inc., Ericsson, Cisco Systems, April 1999.
[RFC2819]
Waldbusser, S., Remote Network Monitoring Management Information
Base, RFC 2819, May 2000.
[RFC2021]
Waldbusser, S., Remote Network Monitoring Management Information
Base - Version 2 using SMIv2, RFC 2021, January 1997.
Expires May 1, 2003 [Page 29]
Internet Draft RMON Framework November 1, 2002
[RFC2074]
Bierman, A., and R. Iddon, Remote Network Monitoring Management
Information Base Protocol Identifiers, RFC 2074, January 1997.
[RFC2895]
Bierman, A., Bucci, C., and R. Iddon, Remote Network Monitoring
Management Information Base Protocol Identification Reference, RFC
2895, August 2000.
[RFC2896]
Bierman, A., Bucci, C., and R. Iddon, Remote Network Monitoring
Management Information Base Protocol Identifier Macros, RFC 2896,
August 2000.
[RFC2613]
Waterman, R., Lahaye, B., Romascanu, D., and S. Waldbusser, Remote
Network Monitoring MIB Extensions for Switched Networks Version
1.0, RFC 2613, June 1999.
[RFC3144]
Waldbusser, S., Remote Monitoring MIB Extensions for Interface
Parameters Monitoring, RFC 3144, August 2001.
[RFC3287]
Bierman, A., Remote Monitoring MIB Extensions for Differentiated
Services, RFC 3287, July 2002.
[RFC3273]
Waldbusser, S., Remote Network Monitoring Management Information
Base for High Capacity Networks, RFC 3273, July 2002.
[APM]
Waldbusser, S., "Application performance measurement MIB", <draft-
ietf-rmonmib-apm-mib-07.txt>, 20 July 2001.
[APPVERBS]
Bierman, A., Bucci, C., Dietz, R. and A. Warth, Remote Network
Monitoring Management Information Base Protocol Identifier
Reference Extensions, <draft-ietf-rmonmib-appverbs-04.txt>, August
2002. August 2000.
[TPM]
Dietz, R. and R.G.Cole, "Application Performance Measurement
Framework Transport Performance Metrics MIB", Internet Draft,
<draft-ietf-rmonmib-tpm-mib-07.txt>, 16 July 2001.
Expires May 1, 2003 [Page 30]
Internet Draft RMON Framework November 1, 2002
[SSPM]
Kalbfleisch, K., Cole, R.G. and D. Romascanu, "Definition of
Managed Objects for Synthetic Sources for Performance Monitoring
Algorithms, <draft-ietf-rmonmib-sspm-mib-05.txt>, August 2002.
[HCALARM]
Bierman, A., and K. McCloghrie, "Remote Monitoring MIB Extensions
for High Capacity Alarms", <draft-ietf-rmonmib-hc-alarm-
mib-01.txt>, April 2002.
[RFC2233]
McCloghrie, K., and F. Kastenholz, "The Interfaces Group MIB Using
SMIv2", RFC 2233, Cisco Systems, FTP Software, November, 1997.
[RFC2863]
McCloghrie, K., and F. Kastenholz, "The Interfaces Group MIB", RFC
2863, Cisco Systems, Argon Networks, June, 2000.
[RFC2330]
Paxson, V., Almes, G., Mahdavi, J. and M. Mathis, "Framework for IP
Performance Metrics", RFC 2330, May 1998.
[OWDP]
Shalunov, S., Teitelbaum, B. and M. Zekauskas, "A One-Way Delay
Protocol for IP Performance Measurements", <draft-ietf-ippm-
owdp-02.txt>, February 2001.
12. Security Considerations
This document is a description of existing standards and as such it does
not have any security impact.
13. Author's Address
Steve Waldbusser
Phone: +1 650-948-6500
Fax: +1 650-745-0671
Email: waldbusser@nextbeacon.com
Carl W. Kalbfleisch
NTT/VERIO
8700 Stemmons Freeway, Suite 211
Dallas, TX 75247
USA
Expires May 1, 2003 [Page 31]
Internet Draft RMON Framework November 1, 2002
Tel: +1 972-906-2034
Email: cwk@verio.net
Robert G. Cole
AT&T Labs
Network Design and Performance Analysis Department
330 Saint John Street, 2nd Floor
Havre de Grace, MD 21078
Phone: +1 410-939-8732
Fax: +1 410-939-8732
Email: rgcole@att.com
Dan Romascanu
Avaya Communication
Atidim Technology Park, Bldg. #3
Tel Aviv, 61131
Israel
Tel: +972-3-645-8414
Email: dromasca@avaya.com
Expires May 1, 2003 [Page 32]
Internet Draft RMON Framework November 1, 2002
14. Full Copyright Statement
Copyright (C) The Internet Society (2002). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it or
assist in its implementation may be prepared, copied, published and
distributed, in whole or in part, without restriction of any kind,
provided that the above copyright notice and this paragraph are included
on all such copies and derivative works. However, this document itself
may not be modified in any way, such as by removing the copyright notice
or references to the Internet Society or other Internet organizations,
except as needed for the purpose of developing Internet standards in
which case the procedures for copyrights defined in the Internet
Standards process must be followed, or as required to translate it into
languages other than English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an "AS
IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK
FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT
LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT
INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE.
Expires May 1, 2003 [Page 33]
Internet Draft RMON Framework November 1, 2002
Table of Contents
1 Copyright Notice ................................................ 2
2 Abstract ........................................................ 2
3 Table of Contents ............................................... 2
4 The SNMP Network Management Framework ........................... 3
5 Definition of RMON .............................................. 4
6 Goals of RMON ................................................... 4
7 RMON Standards .................................................. 6
7.1 RMON-1 ........................................................ 6
7.2 Token Ring Extensions to RMON MIB ............................. 8
7.3 The RMON-2 MIB ................................................ 9
7.4 RMON MIB Protocol Identifiers ................................. 11
7.5 Remote Network Monitoring MIB Extensions for Switched Net-
works ........................................................ 11
7.6 RMON MIB Extensions for Interface Parameters Monitoring ....... 12
7.7 RMON Extensions for Differentiated Services (DSMON MIB) ....... 12
7.8 RMON for High Capacity Networks ............................... 14
7.9 Application Performance Measurement MIB ....................... 14
7.10 RMON MIB Protocol Identifier Reference Extensions ............ 16
7.11 Transport Performance Metrics MIB ............................ 17
7.12 Synthetic Sources for Performance Monitoring MIB ............. 18
7.13 RMON MIB Extensions for High Capacity Alarms ................. 18
8 RMON Framework Components ....................................... 19
8.1 MediaIndependent Table ........................................ 19
8.2 Protocol Directory ............................................ 19
8.3 Application Directory and appLocalIndex ....................... 22
8.4 Data Source ................................................... 23
8.5 Capabilities .................................................. 23
9 Relationship of APM, TPM, and SSPM MIBs ......................... 25
10 Acknowledgements ............................................... 27
11 Informative References ......................................... 27
12 Security Considerations ........................................ 31
13 Author's Address ............................................... 31
14 Full Copyright Statement ....................................... 33
Expires May 1, 2003 [Page 34]
