|
|
TrafficDirector is a software package that lets you monitor, troubleshoot, and record information about your network's operation. TrafficDirector helps you identify and isolate a wide variety of fault conditions in data communications networks.
TrafficDirector works as a distributed system by using a central management console running the software in conjunction with data-gathering agents located at various points on a network. It can simultaneously collect wide-ranging statistical data, display selectively captured and fully decoded network traffic, set user-defined alarm conditions, and get real-time updates from all segments of a widely dispersed internetwork. TrafficDirector does all this from a centralized, SNMP-compatible network management console. TrafficDirector is based on two standards that let it operate in a multitopology, multivendor environment:
TrafficDirector has four main functions:
TrafficDirector gathers and analyzes network information using Cisco Systems Internetwork Operating System (Cisco IOS) RMON agents, SwitchProbe devices, and other RMON agents attached to network segments.
Cisco Systems SwitchProbe devices are enhanced RMON probes that you attach to a specific network segment. The SwitchProbe device gathers statistical information for that segment and provides a window into the segment which you use to observe and analyze network data. A typical network has multiple segments and multiple agents. Normally, one agent is attached to each network segment.
SwitchProbe devices communicate with managers using the SNMP protocol either in-band (using the same network facilities as all other network nodes) or out-of-band (using a communications medium separate and distinct from the user network).
TrafficDirector currently supports SwitchProbe devices for Ethernet, Fast Ethernet, Token Ring, Fiber Distributed Data Interface (FDDI), Copper Distributed Data Interface (CDDI), and Wide Area Network (WAN). For more information about different probe models and their uses, see the SwitchProbe Installation and Configuration Guide.
TrafficDirector is a set of software application programs that you use as a starting point to issue operational commands to SwitchProbe devices and other RMON agents to gather and analyze network information. TrafficDirector displays all results and diagnostic information. You can have multiple TrafficDirector programs simultaneously active within a single network, even working with the same SwitchProbe device or other RMON agent.
TrafficDirector has many applications you can use to monitor your network. These features provide expanded functionality that let you work within a switched environment, an environment containing WAN frame relay circuits, or shared/legacy LAN traffic. TrafficDirector is designed to transparently switch gears behind the scenes, depending on the type of agent or switch you select, as well as the application. In addition, TrafficDirector lets you accurately monitor traffic through and install domains on switches and frame relay agents because of the built-in extended capabilities for both Traffic Monitor and Domain Manager.
TrafficDirector controls network data acquisition and analysis by configuring SwitchProbe devices, then getting and analyzing network data from the probes. When you use TrafficDirector, you have full control over what network data the probes gather, as well as how to analyze and display this data. Figure 2-1 shows a network segment with a SwitchProbe device installed.
When a SwitchProbe device is attached to a network segment, it becomes a node on the network. As such, it detects all transmissions on the network, regardless of how they are addressed. It can also analyze and record information about those transmissions. Also, many internetworking devices have embedded RMON agents which can monitor segments attached to that device.
TrafficDirector is a collection of applications that you can launch to monitor and manage your network. You can launch some applications for agents, groups, or switches, and other applications might require you to select just one element, such as one agent within a group. The following listings provide some helpful hints.
The following list shows all applications that you can launch by either clicking an icon displayed in the TrafficDirector main window or by selecting Application from the menu bar and then choosing the application you want.
Certain TrafficDirector applications let you work with either single or multiple agents. This means that you can launch an application for just one agent or you could select an agent group or ports on a switch and launch the same application. You can use the following applications, whether you have selected just one agent or multiple agents.
Some TrafficDirector applications require that you select only a single agent. This means that if you have been working with an agent group that includes four agents, if you select a single agent application, TrafficDirector prompts you to select only one of the agents within that group. Likewise, if you have been working with a switch, selecting a single agent application means that TrafficDirector prompts you to choose only one of the dedicated agents, ports, or roving agents. The following TrafficDirector applications work with a single selected agent.
Other TrafficDirector applications do not require that you first select an agent, group, or switch from the TrafficDirector main window. The following applications do not require agent selections:
Once you have launched a TrafficDirector application, you can launch other tools that provide a narrowed focus, letting you view information in more detail. You can sometimes choose yet other tools once you have narrowed your focus. These tools are available from applications that require you to select at least a single agent, although some tools are available when you use applications that let you monitor multiple agents. Tools that you can launch from single-agent or multiple-agent applications, as well as from other tools are as follows:
This section describes terms common to standard communication networks as well as terms exclusive to TrafficDirector and its agents. If you are learning about networking, you should read the information in the "Standard Communication Terminology" and "TrafficDirector Terminology" sections. If you are familiar with networking but are learning TrafficDirector, you should review the "TrafficDirector Terminology" section.
When you are working with TrafficDirector, you will often see the term "domain"; this term describes the kinds of traffic statistics that you want to see. In other words, a domain lets you choose to display a specific traffic stream. For example, when you choose to view statistics for the IP domain, you will see information about just the IP traffic on a network segment you select.
Domains are flexible and can display traffic for any of the following layers:
| MAC layer | This includes basic RMON protocols that operate on the Data Link and Physical layers. For example, the TrafficDirector RMON domain is a MAC-layer protocol. |
| Network layer | This includes protocols that operate on the Network layer. For example, IP and IPX are Network-layer protocols. At this level, you can monitor network traffic by host and conversations for various network protocols and for such standard RMON information as utilization, packet rate, and errors. |
| Application layer | This includes protocols that operate from the Transport layer to the Application layer. For example, SNMP and TFTP are Application-layer protocols. |
In the TrafficDirector architecture, a domain is a definable variable that can include one protocol or a group of protocols (Figure 2-2). You would use a domain to see all traffic on a network segment that matches the protocol specified in the domain. Many commonly used protocols, such as IP and IPX, are predefined TrafficDirector domains. The predefined RMON domain includes all supported protocols; this means you can use it to see all traffic on a network segment.
TrafficDirector lets you define your own domains. This is useful to let you monitor very specific traffic patterns. For example, to get an idea of the IP and IPX traffic on a network segment, define a domain to include only IP and IPX. Then apply that domain on the network segment. The results show you how much of the segment's utilization is strictly IP and IPX traffic.
Figure 2-2 shows that you can use predefined domains to get RMON statistics for specific protocols or add a custom domain, such as LAB, to get RMON statistics for that domain. The special predefined domain, RMON, provides RMON statistics for all the traffic on the segment. Table 2-1 gives the relationship between protocols and the network.
| Protocol | Relationship to Network |
|---|---|
| D1 | IP and child protocols TCP, with its child HTTP, and UDP, with its child SNMP. You can create one domain to include all these IP-related protocols or create a separate domain for each protocol. |
| D2 | IPX protocol. |
| D3 | DECnet protocol. |
| D4 | AppleTalk protocol. |
| D5 | NCP Protocol. |
Protocols are the rules data communications devices use to carry out their communication processes. The generalized model for protocols is the Open Systems Interconnections (OSI) model (Figure 2-3). This model includes seven layers, each of which carries out a specific subset of the communications process. The model is often described as a stack or suite. By looking at a protocol stack, you can often identify network malfunctions.
Each layer within the OSI model performs specific functions. Starting at Data Link, any given layer depends upon the layers beneath for support so it can perform its functions correctly. For example, protocols at the Network layer can smoothly deliver packets to the correct addresses only when the Data Link and Physical layers are configured and are operating correctly. Each layer contributes to network communications as follows:
Various network protocols, such as IBM, TCP/IP, DECnet, and VINES, are based on the OSI model. As an example, a protocol interpreter suite is shown in Figure 2-4. Notice the correspondence with the standard OSI model.
TrafficDirector contains a set of filters used to isolate an individual protocol from other network traffic (Figure 2-5). A second filtering process, domains, separates the components of the protocol stack for each supported protocol. Using Data Capture, you can select only specific traffic in a segment, such as IBM traffic, by using a filter that passes only IBM traffic. Then you use Protocol Decode to separate each packet, also called a frame, into its component layers and decode each layer according to the selected protocol.
The first standard for network management evolved into a specification that became known as Simple Network Management Protocol (SNMP). SNMP was given Request for Comments (RFC) number 1098 by the Internet Engineering Task Force (IETF). By embedding the basic SNMP MIB within data communication devices, multivendor management systems can manage these devices from a central site and view information graphically.
The basic MIBs used with SNMP have limitations. Although MIBs allow regular polling of devices, they do not provide for extensive active monitoring of critical functions or monitoring network traffic on a LAN segment. Other SNMP-based network devices can identify only traffic specifically addressed to themselves and cannot provide statistics on conversations between devices--an important concept for network troubleshooting. The RMON-MIB is designed to address many of these limitations.
The RMON-MIB was developed by the IETF and became a standard in 1992 as RFC 1271. The RMON-MIB specification was developed to provide traffic statistics and analysis on many network parameters for comprehensive network fault diagnosis, planning, and performance tuning.
In 1994, RFC 1513 was added. RFC 1513 specifies characteristics associated with the Token-Ring topology. RFC 1757 for Ethernet RMON was released in 1995, obsoleting RFC 1271.
RMON-MIB delivers seamless multivendor interoperability between SNMP management stations and monitoring agents. It also provides a standard for a set of MIBs that collect rich network statistical information not available from the standard SNMP MIB.
Finally, RMON-MIB allows active network diagnostics through a powerful Alarm Group that lets you set thresholds for critical network parameters to automatically deliver alerts to centrally located management consoles.
This section describes the basic RMON-MIB groups. An RMON-MIB group is a related set of variables used with RMON functions, such as monitoring and collecting certain types of data, setting alarms, and event trapping. RMON goes far beyond SNMP in providing useful tools for network monitoring. The basic RMON-MIB groups for Ethernet and Token Ring networks include:
RMON2 support is necessary when you need to monitor and troubleshoot at layers higher than data link. With the TrafficDirector RMON2 functionality, you can monitor traffic at network and application layers. This means that you can get statistics for all hosts accessing a specific segment, no matter where the hosts are located, or how the network is connected.
With RMON2, RMON groups map into all of the major network layer protocols, such as IP, IPX, DECnet, Appletalk, Vines, and OSI. Also, as mentioned earlier, you can monitor application-layer traffic, so you can monitor network applications such as Notes, Telnet, Microsoft Mail, and Sybase, among others. You can do so because RMON2 outlines how you can construct logical filters for remote agents. This means that TrafficDirector can now monitor and help you troubleshoot key application-layer traffic within the enterprise network.
The original RMON standard supports network monitoring of data-link-layer traffic only. This means that it can present statistics only for aggregate traffic, not statistics for the different layers of various protocol stacks, such as IP, FTP, and IPX. Because it is not capable of monitoring at the network layer, an RMON device cannot distinguish traffic on its segment that originated across a router. By not monitoring above the MAC layer, many useful applications, such as monitoring WAN links, measuring client-server response time, or providing seven-layer protocol statistics, are not possible.
Domains provide an architecture that allows the monitoring of network traffic for all seven OSI layers within the framework of the RMON standard. Using domains lets you monitor any protocol traffic for any device or subnet on any segment of an enterprise network.
In TrafficDirector, you can choose to add two types of domains: protocol or generic. Protocol domains are those that work only with RMON2. You can add, edit, or delete protocol domains for protocols in the data link, network, and application layers. Protocols for each of these layers are supplied with TrafficDirector in special *.inf files. This means that whenever you want to add or edit protocol domains, the *.inf files contain all of the protocol definitions that you will need. We recommend that you do not edit these *.inf files, since a SwitchProbe device would not recognize any protocol definition other than those that are shipped with the product.
Generic domains extend the capabilities of TrafficDirector. For generic domains, TrafficDirector supports the MAC, NET, and SUBNET address modes. In the MAC address mode, host and matrix tables are built using the 6-byte physical-layer MAC address as specified by the RMON standard. TrafficDirector includes the RMON domain, which is used with third-party RMON agents to monitor MAC-level (basic) RMON statistics. In the NET address mode, TrafficDirector creates host and matrix tables containing network addresses for the following packets:
| IP packets | NET-mode address is the 4-byte IP address. (example: 45.20.0.20)
|
| IPX packets | NET-mode address uses the IPX host address. (example: 08002B534256)
|
| DECNET packets | NET-mode address is the area.node address. (example: 1.1023)
|
SUBNET address mode is similar to NET address mode, except that the agent uses subnet addresses for collection purposes. This means that the resulting host and matrix tables contain total statistics for each subnet. TrafficDirector uses only IP, IPX, and DECNET packets to create the tables.
Managing remote network segments is critical to providing high network availability. Key network management standards, such as RMON and SNMP, are the technology enablers to build the tools, such as TrafficDirector, to manage distributed networks:
| RMON | Lets you gather network statistics for problem resolution. Active monitoring alerts you to problems before they become critical. |
| SNMP | Lets you poll device status from a central site. |
| Domains | Let you monitor more network traffic parameters, devices, and LAN segments for the most effective and focused problem resolution. |
Network administrators must constantly balance the cost of network management versus that of network availability. Network administrators are increasingly using RMON probes to monitor LAN traffic because of the economic benefits that result from distributing management devices onto critical remote network segments--whether in a large corporate facility or across the country.
However, SNMP management creates problems due to the amount of bandwidth needed to get SNMP management information from a remote site. The dilemma for the administrator is that if network management bandwidth is minimized for SNMP polling and ping sweeps, then it is possible to miss network fault conditions, which could jeopardize the health of the enterprise network.
The ideal solution is to combine the use of domains and remote SNMP management (resource management) into a single, cost-effective device that can provide active management for all critical resources at the remote site, while also eliminating expensive and congestive regular polling. Integrating these two important network management technologies has resulted in TrafficDirector Resource Monitor.
SNMP-based network management systems have the ability to get status information and statistics for network devices by using the SNMP get command to query MIB variables (objects) of interest. However, this must be performed with continuous polling. Because a network can involve hundreds or even thousands of devices, with each device having hundreds of MIB variables, present SNMP-based device management is extremely inefficient. Furthermore, MIB I, MIB II, and private MIBs do not provide features for setting alarms, eliminating any method of recording and notification when selected resources reach predetermined values.
Resource Monitor lets you efficiently monitor the resources of any SNMP device. To do so, the TrafficDirector console downloads MIB variables selected from a list to the agent, creating proxy resources at the agent (Figure 2-6). Instead of polling from the management console, the agent then polls each resource at a selected interval and records the result. You can select either an SNMP get or an IP ping resource.
In addition, you can set alarms in the agent and be notified when any variable reaches a predetermined value. In this way, the agent notifies the management console only when an alarm condition sets off a trap, eliminating continuous polling (Figure 2-7).
One strength of TrafficDirector is that its agents selectively gather network traffic in the form of frames from any operational segment protocol, node, or conversation. Agents store that information in an internal file and then transmit the file to TrafficDirector on command. The TrafficDirector Protocol Decode application reads the data file and breaks each captured packet into individual protocols. You can then view or print either the raw data in byte form or a full seven-layer decode. Figure 2-8 illustrates how the TrafficDirector Protocol Decode function operates.
Table 2-2 lists the protocols the TrafficDirector protocol-decode software supports.
| Ethernet | IEEE 8023 | IEEE 8025 | IEEE 8022 |
|---|---|---|---|
| DODIP | DODARP | DODRARP | DODICMP |
| DODGGP | DODTCP | DODUDP | DODSMTP |
| DODFTP | DODTFTP | DODDNS | DODTLNT |
| DODNTB | DODNTDAT | DODNTNAM | DODSMB |
| NOVIPX | NOVSPX | NOVRIP | NOVECHO |
| NOVERRP | NCP | XNSIPX | XNSSPX |
| XNSRIP | XNSECHO | XNSERRP | XNSPEXP |
| XNSSMB | DECDRP | DECMOPDL | DECMOPRC |
| DECLAT | DECLDATA | DECNSP | DECSCP |
| DECDAP | DECNICE | DECFOUND | DECCTERM |
| DECSMB | APPLAP | APPARP | APPSDDP |
| APPLDDP | APPNBP | APPATP | APPZIP |
| APPRTMP | APPAEP | APPPAP | APPASP |
| APPDSP | APPAFP | VINESIP | VINESRTP |
| VINESARP | VINESICP | VINESIPC | VINESSPP |
| VINESMM | VINESST | VINEMAIL | SNMP |
| SUNNFS | SUNRPC | SUNMOUNT | SUNPMAP |
| SUNYP | SNAXID | SNATH | IBMNETB |
| SNARHREQ | SNARHRES | SNARU | SNAFM |
| SNAPS | IBMSMB | CLNS | ES-IS |
| TP 0/2/4 | ISO-Session | ISO-Presentation | FTAM |
| X400 | - | - | - |
Any window that appears in TrafficDirector is usually referred to as a window. Within some windows are menus, which provide lists of choices. Beneath menus on some windows are selection buttons. When you click on them, selection buttons either start a single action or give you another list of choices. Windows can also contain displays, where TrafficDirector displays graphical network data, and lists, which contain tabular data related to the window's function.
You perform most mouse selections with the left mouse button. The terms select and click refer to a single mouse click.
When you enter information into TrafficDirector windows, you have to keep the following restrictions in mind:
After you have completely installed the TrafficDirector software, you are ready to get started. To start TrafficDirector, use the following procedure.
Step 1 First make sure that you have added the TrafficDirector environment settings to your .cshrc file. For more information on how to do so, see the "Installing TrafficDirector" chapter.
Step 2 From the UNIX command line, make the TrafficDirector installation directory your current directory:
Step 3 Enter the following command:
The TrafficDirector main window (Figure 2-9) is displayed.
Tasks you can perform from the main window (Figure 2-9) include choosing from several menu items and three groups of icons to perform most of the TrafficDirector functions. You can also use the main window to add agents, agent groups, define Catalyst switches, and to edit agents you have already added. This is very important because TrafficDirector does not recognize the existence of an agent until you have added it, using the functions in the main window.
TrafficDirector tools are described in this manual. To launch all TrafficDirector primary functions, use the main window. Launch all applications from the primary tool windows. TrafficDirector tools you can use include:
In the chapters that follow, you will find detailed descriptions of each major type of network monitoring, such as monitoring all traffic for several agents, examining host traffic, traffic in a single domain, and so forth. To give you a guideline of what you can expect to find, this section lists commonly used major tasks and provides a pointer to one or more chapters you can turn to for more information. Depending on what you are interested in doing first, you might want to read more about:
You can open multiple TrafficDirector tools at the same time. You can also open multiple windows of the same tool. However, remember that each window has an independent sample rate, such as 30 seconds, 1 minute, and so on, so the updates can be different with different windows. Thus, you can be monitoring the same data with two versions of the same window, and the data may appear different.
Also remember that when you open multiple windows, you use extra network resources. It is good practice to open only the windows you need to do your work.
TrafficDirector lets you print most screens that contain graphs and numerical data. You can also print reports. To print graphical screens, you must have a Postscript printer. To print numerical data, you can use any convenient printer. In almost all cases where you need to print something from TrafficDirector, you can use the following procedure:
Step 1 Select File>Print from the menu bar. The Print Options window is displayed (Figure 2-10).
Step 2 Do one of the following:
Step 3 Click Apply.
You can exit TrafficDirector at any time. When you do so, TrafficDirector saves all the changes you have made, such as adding agents, agent groups, or switches, and installing domains. To exit TrafficDirector, select File>Exit from the main window menu bar.
|
|