RMON: Rx for your network
RMON: Rx for your network's health; management protocol provides cost-effective monitoring via probes installed throughout network. (PC Week Netweek)
PC Week Oct 31, 1994 v11 n43 pN3(1)
by Blakeley, Michael

Abstract

Organizations should install an RMON active network monitoring system on their networks so they can minimize costly network downtimes. An RMON system consists of a probe that can monitor all network and WAN segments and an RMON console residing on a PC. Consoles let LAN managers monitor the network from a remote location and can be configured to let managers know when an event occurs or does not occur. The better consoles let LAN supervisors manage multiple probes simultaneously. Also, consoles let managers know about problems before users do, so corrective actions can be taken quickly and users stay happy. Probes are available for Token-Ring and Ethernet networks and a variety of WAN media. Prices for probes begin at $2,000, while consoles are priced between $800 and $7,000.

Full Text

How much does network downtime cost your company? $1,000 per hour? $1 million per hour? Your job?

Today's corporate IT group is on a quest to avoid and minimize downtime whenever it occurs. They have purchased and installed UPS-backed servers and hubs; they have set up operating systems that promise fewer crashes, such as Unix in all its flavors, Windows NT, OS/2, and NetWare 4.x.

However, networks still curl up and die from bad cabling, broadcast storms, and excessive collision rates. At higher levels, SAPs and database replication steal bandwidth the way the Internal Revenue Service steals your salary. In a worst-case scenario, corporate network managers don't see the damage until the users do.

What's the collision rate on your thin Ethernet in Topeka?
What's the average and peak utilization for the 56K-bps line between here and there? When will you segment that network?

Most administrators don't monitor their networks until something goes wrong. They spend all their time putting out fires on the network because they don't have any smoke alarms installed.

An ounce of prevention

The classic tools for network troubleshooting are the cable tester and the packet analyzer. "Fine," you say. "I should monitor my entire network at all times for trouble." But how should you do this? Buy 100 packet analyzers at $10,000 each and hire 100 people to watch them? That approach could cost your entire annual budget. It would be money well-spent, but there are less expensive methods.

The foremost standard for active network monitoring is called RMON (see PC Week Netweek, June 20, Page N/1). RMON probes -- also known as agents -- are installed throughout the network, where they monitor various aspects of network health. Any RMON console can request data from a probe, and most probes permit you to restrict access with a password, if desired. The RMON probe delivers data only when asked, so its performance is tolerable across WAN links or even via a dial-up modem port.

Here's the basic procedure: Throw an RMON probe into each wiring closet (enough to monitor all your segments, plus WAN links) and install an RMON console on your favorite IT administration machines.

How much does it cost?

RMON probes cost $2,000 and up. The probes are available for Ethernet, Token-Ring, and WAN media from several vendors. In general, you'll want to buy that vendor's console as well, because most of them include proprietary extensions to RMON. If you don't buy their console, you can't use their extensions (see PC Week Netweek, Sept. 26, Page N/3).

Consoles can cost between $800 and $7,000. Look for a console that allows you to manage many probes at once.
That way, you can save on training costs and software costs by having only a handful of consoles for your entire operation.

For a total cost, count your network segments and multiply by the cost of the probe you choose. Then decide how many consoles you want (perhaps one for your laptop?), and multiply by the software cost. Then factor in the installation and training costs.

For a 100-segment Ethernet network, let's pick a $4,000 probe and three copies of a $3,600 console. We'll pick a Windows console, so we can put it on one desktop PC for the home office, plus two laptops for on-site work. Total cost of hardware and software: $410,800. Quite a bargain compared with the alternatives.

What are the benefits?

Suppose you've just added the RMON probe to the St. Louis office and you're winging your way to Topeka to install its console. Your pager goes off as the plane hits the runway; the home office wants to let you know that the mail server died in St. Louis. Again. By now, everyone in the St. Louis office knows how to reboot it, but the vice president of sales also called and wants to know why this keeps happening. You remember that his nephew manages the St. Louis office.

At the hotel, you boot up your laptop. You had set up a modem on the St. Louis probe's out-of-band management port, so you load the RMON console and dial up the probe. Examine the network traffic on the LAN from 11:00 a.m., when the server crashed. Nothing unusual there: low utilization, no collisions.

Benefit No. 1: You can monitor any portion of the network remotely.

You can start a packet trace on the server, trapping the first 64 bytes of any packet going to or from that mail server. Since the mail server broadcasts SAPs whenever it's running, you set an automatic alarm that will page you if no broadcasts come from the server for more than 5 minutes.

Benefit No. 2: You can pick problem nodes to track and schedule alerts for any network event.

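
The silence alarm from the scenario above, as an added example that is not part of the original article: a simplified Python model of an RMON-style delta-sampled alarm with falling and rising thresholds, including hysteresis and counter wrap. The class and function names, thresholds and counter readings are constructed for illustration and are not taken from any vendor's console.

```python
"""Silence alarm modelled loosely on RMON delta-sampled alarms (added example)."""

COUNTER_MOD = 2 ** 32   # assumption: the packet counter is 32 bits and wraps
INTERVAL_S = 300        # the article's 5-minute window, used as the sample interval


class DeltaAlarm:
    def __init__(self, falling, rising):
        self.falling = falling   # fire when packets-per-interval <= this
        self.rising = rising     # fire (and re-arm the falling side) when >= this
        self.prev = None         # previous raw counter reading
        # Assumption: the server is up when monitoring starts, so the first
        # event that can fire is a falling (silence) event.
        self.state = "rising"

    def sample(self, counter):
        """Feed one counter reading; return 'falling', 'rising' or None."""
        if self.prev is None:            # first reading only sets the baseline
            self.prev = counter
            return None
        delta = (counter - self.prev) % COUNTER_MOD   # correct across a wrap
        self.prev = counter
        # Hysteresis: each side fires once, then stays quiet until the
        # opposite threshold has been crossed.
        if delta <= self.falling and self.state != "falling":
            self.state = "falling"
            return "falling"
        if delta >= self.rising and self.state != "rising":
            self.state = "rising"
            return "rising"
        return None


def run(readings, falling=0, rising=1):
    """Return [(seconds_since_start, event)] for a list of counter readings."""
    alarm = DeltaAlarm(falling, rising)
    events = []
    for i, counter in enumerate(readings):
        event = alarm.sample(counter)
        if event:
            events.append((i * INTERVAL_S, event))
    return events


# Constructed readings: broadcast packets seen from the mail server, one
# reading per interval. The counter wraps between the 2nd and 3rd reading.
SAMPLE = [4294967290, 4294967295, 4, 9, 9, 9, 9, 14, 19, 19]

if __name__ == "__main__":
    for seconds, event in run(SAMPLE):
        print(f"t={seconds:>5}s  {event}")   # 'falling' is the page-me event
```

The three silent intervals in the middle of the sample produce a single falling event rather than three pages, and the alarm fires again only after the server has been heard from in between.
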
The next day, as you install the Topeka probe, your pager goes off. The probe is letting you know that the server just crashed. As you dial in to the probe using your laptop, you call the home office and say, "The St. Louis mail server just crashed. Call them and let them know we're on it."

Benefit No. 3: You know about the problem before the user does.

Next, download the packet trace from the probe and decode it, and it will appear that the mail server was attempting a dirsync with Topeka. The Topeka mail server said, "Access denied," and chopped the connection.

You can use RCONSOLE to log in to the St. Louis server. Sure enough, it has last month's password still in place. You changed all the server passwords when one of your analysts left to work for the competition. Change the password, send the vice president of sales an E-mail message that the problem has been resolved, and thank him for his concern.

Topic: Troubleshooting Network Management Software LAN Economics of Computing
Record# 16 190 989
COPYRIGHT Ziff-Davis Publishing Company 1994