To monitor network traffic, you need two components: one or more SwitchProbe devices or Cisco IOS embedded RMON agents and a TrafficDirector console. If your network includes one or more switches, you can configure ports on a switch to act as agents. Once you install agents (whether they are SwitchProbe devices or ports on a switch that are acting as agents) on the appropriate network segments and install and start TrafficDirector software on your management console, you must then set TrafficDirector to recognize the agents you want to use for network monitoring. You do this by adding agents, agent groups, and switches to TrafficDirector. TrafficDirector cannot monitor the traffic on any network segment until you install an agent on that segment and add the agent to TrafficDirector.
TrafficDirector makes it easy to add, modify, and delete agents. When you add a new agent to TrafficDirector, you specify a number of parameters for that agent, such as agent name, hardware interface number to monitor, IP address, number of retries, and so forth. You can also edit agent parameters or remove them from TrafficDirector.
It is important to realize that when you install an agent on a network segment, the agent continuously collects and records segment data. When you add the agent to TrafficDirector, it means that TrafficDirector can monitor selected portions of the segment traffic. In some cases, you can also change certain aspects of data collection in the agent, such as setting alarms and proxy resources.
You may want to monitor network traffic from more than one agent at a time. To do this, you define one or more agent groups. An agent group is a group of agents that TrafficDirector treats as a single entity. You add, edit, and delete agent groups the same way you handle individual agents.
In this chapter you will learn how to add, modify, and delete agents, agent groups, and switches. You will also learn about the TrafficDirector Remote Login tool, which lets you change the configuration of an installed agent directly from the TrafficDirector console.
This section covers how to work with individual agents. You add, edit, and delete individual agents from the TrafficDirector main window (Figure 3-1). The Agents [All] list, which contains the names of individual agents and selection buttons associated with those agents, is displayed on the left side of the main window. A similar list, Agent Groups, is displayed on the right side of the window.
You might want to view all the agents added to TrafficDirector or only those agents included in a specific agent group. To view all agents added to TrafficDirector, select the All button from the Show option buttons at the bottom of the Agent list. This is the default setting. Note that the Agent list is titled Agents [All]. To view only the agents that make up a particular group, use the following procedure.
Step 1 Select the agent group whose agents you want to view from the Agent Groups list in the TrafficDirector main window (Figure 3-1).

Step 2 Select the Group button from the Show option buttons at the bottom of the Agents [All] list.
Notice that the list heading changes to Agents [Group name]. The [Group name] defaults to the first group displayed under the Agent Groups heading, unless you have highlighted another group. Only agents included in the selected group are displayed in the list.
To use TrafficDirector to monitor network traffic on a segment, you must:
Once you have added and tested the agent, you can then use the TrafficDirector network monitoring tools to examine segment traffic using that agent. To add a new agent to TrafficDirector, use the following procedure.
Step 1 Select All from the Show option choices beneath the Agents [All] list. The list now displays all installed agents.
Step 2 From the Agents [All] group of buttons, select New. The New Agent window is displayed (Figure 3-2).

Step 3 Fill in the fields with the information for the agent you want to add:
Step 4 Click OK to add the agent or Cancel to quit and return to the TrafficDirector main window.
Step 5 Now go back to the TrafficDirector main window. The new agent should be displayed in the Agents [All] list.
Step 6 Select the new agent.
Step 7 Click the Test button to confirm that the new agent is reachable. If it is, you will see a window listing information about the agent. You can now use this agent to monitor segment traffic.
There may be times when you need to quickly determine if a particular agent is operational and the date and time it became operational. This is particularly true if you have many agents operating on segments. You can test any agent added to TrafficDirector by using the Test button next to the Agents [All] list on the TrafficDirector main window. The test function
You should routinely test any new or modified agent before you use it. To test an agent, use the following procedure.
Step 1 Select the agent you want to test from the Agents [All] list on the TrafficDirector main window.
Step 2 Click Test. If the agent is operational, the agent and interface information appear in a window (Figure 3-3). If the agent is not operational, the information in the dialog box tells you if the agent can be reached, and if so, whether the read community string, the write community string, or both, has failed.

Step 3 When you have finished viewing the information, click OK.
There may be times when you will want to change an agent's parameters or review the parameters without modifying them. Parameters are the fields you filled in when you added the agent. When you no longer need to monitor a certain part of your network, you may want to delete the agent (remove it from the TrafficDirector main window). In this section you will learn how to do all three tasks.
Once you have added an agent to TrafficDirector, you can edit it at any time. This means that you can change any of the parameters you specified when you added the agent. For example, you may want to change an agent's timeout or retry times to meet changing network conditions or monitoring requirements. To change one or more parameters in an existing agent definition, use the following procedure.
Step 1 Select the agent you want to edit from the Agents [All] list on the TrafficDirector main window.
Step 2 Select Edit. The Edit Agent window is displayed. Its fields are the same as the New Agent window (Figure 3-2), except that the fields are already filled in for the existing agent.
Step 3 Change the fields you want to edit, using the guidelines described in the "Adding a New Agent" section.
Step 4 Click OK to replace the original agent with the modified agent or Cancel to return to the TrafficDirector main window without modifying the agent.
Step 5 Select the agent you just modified. Then test the agent as described in the "Working with Agent Groups" section to ensure proper operation.
You may want to review the parameters for an agent without changing them. For example, you may have forgotten the agent's timeout value. To view the values in each agent field without changing anything, use the following procedure.
Step 1 Select the agent you want to view from the Agents [All] list.
Step 2 Click View. The View Agent window is displayed. Its fields are the same as the New Agent window (Figure 3-2), except that the fields are filled in for the existing agent. You cannot edit these fields.
Step 3 Click OK when you are finished viewing the agent.
As your network monitoring requirements change, you may no longer need to monitor a certain network segment. In this case, you might want to delete the agent from TrafficDirector. When you delete an agent from TrafficDirector, the actual agent remains connected to the network segment, gathering information, but TrafficDirector can no longer monitor the data it collects. To delete an agent from TrafficDirector, use the following procedure.
Step 1 Select the agent you want to delete from the Agents [All] list on the TrafficDirector main window.
Step 2 Click Delete. A window is displayed requesting you to confirm that you want to delete the agent.
Step 3 Click Yes to delete the agent or Cancel to return to the TrafficDirector main window without deleting the agent.
If you clicked Yes, the agent you deleted is now not displayed in the Agents [All] list. Similarly, if you deleted an agent that also belongs in an agent group, it is deleted from the group as well. However, the agent you deleted may be connected to the network segment, still collecting data--it is just not defined in TrafficDirector, and TrafficDirector cannot get data from the agent unless you redefine it as a new agent.
TrafficDirector uses the agent group to monitor the same network information from more than one agent at a time. An agent group is a collection of agents that you define. You can create new agent groups, modify groups, view group definitions, and delete groups. Depending on your requirements, an agent can belong to one or more groups or to no groups at all.
When you have defined an agent group, you can use the TrafficDirector monitoring and analysis tools with that group exactly the same way that you would with a single agent. The difference is that you can compare traffic from different agents in the same graphical presentation. For example, if you want to monitor and compare enterprise-level traffic in three different segments, you can put agents on all three segments, add them to TrafficDirector, create an agent group for them, and use Traffic Monitor to compare the traffic from all three segments on a single graph.
You can also launch Traffic Monitor in different modes, depending on agents within the group. For example, if the agent group you are monitoring contains a WAN probe that is configured as a frame relay agent, from Traffic Monitor, you could select Tools>Frame Relay Monitor to launch Traffic Monitor in Frame Relay mode to display DLCI information for that WAN probe. For more about the different modes available in Traffic Monitor, see the "Monitoring the Network Using Traffic Monitor and Protocol Monitor" chapter.
To focus your attention on just one agent within a group, you can select Scope to select or deselect certain agents. Scope is an editing tool that lets you further narrow the scope of your tasks to just those agents you specify.
When you add a group of agents, you select the agents you want to include in the group, give the group a name, and add the new group to TrafficDirector. To create a new agent group, use the following procedure.
Step 1 Click New from the Agent Groups set of selection buttons on the TrafficDirector main window. The New Agent Group window is displayed (Figure 3-4).

Step 2 Do one of the following:
All available agents, switch servers, or switch trunks are displayed.
Step 3 To select from the agents, switch server, or trunks displayed, click to highlight the ones you want to include in the new agent group.
Step 4 Enter a group name. The agent group name can be up to 15 characters and is case sensitive. You can use numbers, letters, dashes, or underscores in the name, but it must start with either a letter or a number.
Step 5 Click OK to add the new agent group to TrafficDirector or Cancel to return to the TrafficDirector main window. The new agent group is displayed in the Agent Groups list on the main menu.
Any time you want to add to or reduce the number of agents included in a particular agent group, you can do this by editing the agent group. To edit an agent group, use the following procedure.
Step 1 Select the agent group you want to edit from the Agent Groups list on the TrafficDirector main window.
Step 2 Click Edit.
The Edit Agent Group window is displayed. Its fields are the same as the New Agent Group window (Figure 3-4), but the agents that belong to the group are already highlighted.
Step 3 Click to highlight the agents you want to include in the group. Deselect those that you no longer want in the group by clicking Show Agent All.
Step 4 Click OK to edit the agent group or Cancel to return to the TrafficDirector main window.
You may want to see which agents are included in a particular agent group. There are two ways you might do this. Use either of the following procedures to view an agent group.
Step 1 Select the agent group you want to view from the Agent Groups list.
Step 2 Click View. The View Agents Groups window is displayed. Its fields are the same as the New Agent Group window (Figure 3-4), except you cannot include or exclude any agents.
Step 3 Click OK when you are finished viewing the agent group.
Step 1 Select Groups in the Show field beneath the Agents [All] list in the TrafficDirector main window.
Step 2 Select the agent group. The left list now shows only agents that belong to the selected agent group. Notice that the heading of this list changes to Agents [Group].
When an agent group is no longer useful, you can delete the group for clarity and convenience. You can redefine the same or a similar group at a later time, if needed. Remember that an agent group is just a logical grouping. When you delete an agent group, the individual agents it includes are still listed in the Agents [All] list in the main window. To delete an agent group from TrafficDirector, use the following procedure.
Step 1 Select the agent group you want to delete from the Agent Groups list.
Step 2 Click Delete. A window is displayed advising you to confirm that you want to delete the agent group.
Step 3 Click Yes to delete the agent group or Cancel to return to the TrafficDirector main window without deleting the agent group.
Every SwitchProbe device is configured according to a number of parameters such as IP address, and read/write community strings. You may want to change these parameters at certain agents as your network management needs change.
Caution You can configure only Cisco Systems SwitchProbe devices with Remote Login.
The traditional problem in reconfiguring agents has been that agents may be physically located all over the world. The TrafficDirector Remote Login tool solves this problem by letting you configure agents directly from TrafficDirector through the network, regardless of where they are located. To configure an agent using Remote Login, use the following procedure.
Step 1 Select the agent you want to reconfigure from the Agents [All] list on the TrafficDirector main window.
Step 2 Click Remote Login from the TrafficDirector main window. The Remote Login window you will see should be similar to the one shown in Figure 3-5.

Step 3 See the SwitchProbe Installation and Configuration Guide for configuration instructions.
Step 4 Change agent parameters according to the instructions in the agent manual. To change a parameter, enter the parameter number in the selection field at the bottom of the window, then modify the parameter.
Step 5 To make your changes at the agent, enter the number for the Reset Agent choice.
Step 6 To exit Remote Login, enter exit in the selection field, and press Enter.
TrafficDirector uses two types of RMON support to monitor switches: mini-RMON and optional roving RMON. TrafficDirector uses mini-RMON to continuously monitor all switch ports and can be configured to then use roving RMON to bring full RMON analysis to a selected port when needed. In this way, a single SwitchProbe device connected to a Switched Port Analyzer (SPAN) port of a Catalyst LAN switch can provide complete monitoring and analysis of all ports on a selected switch.
In addition, TrafficDirector lets you monitor critical interswitch links using dedicated high speed probes. This means you can connect high speed media agents, such as the Fast-Ethernet SwitchProbe devices, directly to switch-trunk and server ports to provide full RMON proactive monitoring of the high volume of traffic found on these critical links. TrafficDirector then aggregates the data from mini-RMON, roving RMON, and any dedicated probes you have defined into a consolidated monitoring and diagnostic environment supporting switch and virtual LAN (VLAN) traffic.
In many ways, a switch is similar to an agent group because TrafficDirector treats each port as an agent, letting you monitor each switch port as you would an agent on a network segment. For example, you can install domains on ports and set multiple alarms on specific ports, as well as scope switch port displays. You can also launch additional TrafficDirector tools for a more detailed analysis of traffic on a selected switch port.
In this section, you will learn how TrafficDirector uses mini-RMON, roving RMON, and dedicated high speed probes to let you continuously monitor switched LANs and provide seven-layer RMON analysis to specific switch ports on demand.
TrafficDirector uses mini-RMON to continuously monitor all ports on a switch. This mini-RMON support can be embedded within the switch's Cisco IOS software or provided as proxy RMON, using an external proxy agent. Mini-RMON lets TrafficDirector view each switch port as an RMON agent. This is especially important in dealing with microsegmented switched LANs. If mini-RMON was not provided, on a switch with 100 ports, you would have to set up and configure one probe for every port--100 probes--to continuously monitor all switch ports. But with mini-RMON support, whether embedded within the switch or provided as proxy RMON by an external SwitchProbe device, TrafficDirector can monitor all switch ports simultaneously using one SwitchProbe device.
Mini-RMON strikes a good balance between visibility and overhead by embedding only the essential RMON groups--statistics, history, events, and alarms--on each switch port and skipping the groups with high resource requirements. When monitoring a switch with embedded RMON on each port, TrafficDirector can poll the switch directly for RMON information in the same way it polls a SwitchProbe device.
Mini-RMON embedded within switches lets TrafficDirector continuously monitor all ports on the switch while minimizing the performance impact associated with embedding complete RMON on each port. In addition, mini-RMON provides vital statistics and alarms that can signal the TrafficDirector software when a more detailed analysis is needed. TrafficDirector can then use an external roving RMON agent, such as a SwitchProbe agent, to bring full RMON analysis to the suspect port.
Proxy RMON lets you monitor switches that do not have embedded RMON as if they had embedded mini-RMON on each switch port. Proxy RMON uses an external SwitchProbe device to map a switch's private MIBs to one mini-RMON group: statistics. The probe then generates the history and alarms groups with this data. TrafficDirector then polls the probe (also referred to as the proxy agent) for this mini-RMON information. In this way, you can monitor switch port traffic in terms of mini-RMON values.
Roving refers to how TrafficDirector can direct full RMON/RMON2 analysis to any switch port you select. TrafficDirector automatically configures the switch's SPAN port to implement roving RMON whenever you launch an application or tool that requires any of the five remaining RMON groups beyond mini-RMON: Hosts, Hosts Top N, Matrix, Filter, Data Capture, and any RMON2 groups. A switch supports roving when it meets the following two requirements:
Roving involves connecting a SwitchProbe device to a SPAN port on the switch, then "mirroring" traffic from a selected switch port to that analyzer port. In its most basic sense, a copy of the monitor port traffic is directed to the analyzer port where the probe is attached. The probe then examines this traffic as if it were receiving the traffic directly. Although the analysis port is a static, physical connection to the probe, TrafficDirector dynamically sets the monitor port to the switch port you choose to analyze.
Once TrafficDirector detects a problem on a port, additional data is often needed to resolve it, including extensive data captures and network-layer host and conversation lists. You can then use roving to bring the full RMON/RMON2 power of a SwitchProbe agent to the suspect port for detailed monitoring and analysis.
For example, suppose you are using Protocol Monitor to monitor a switch (where you have installed several domains, using Domain Manager) and notice an unusually high amount of IP traffic on port twelve. You can run Domain Manager in Switch mode and then choose to launch Conversation List, Top N Talkers graph, or All Talkers list for the port 12 IP domain to determine the reasons for all that traffic. At that point, TrafficDirector automatically roves to port 12 to analyze that traffic and retrieve the host and conversation statistics needed.
Interswitch links are the backbones of switched LANs. Equally important are high-speed media connections to servers. Because these critical links handle high volumes of traffic, they are usually FDDI or Fast Ethernet type media. Continuous monitoring of these links is essential for managing growth and immediately troubleshooting problems. To do so, you can attach Fast-Ethernet and FDDI SwitchProbe devices directly to these critical links to provide continuous full RMON/RMON2 monitoring and analysis. You can then include these dedicated probes as part of the switch definition when you add a switch to TrafficDirector and can even tailor your agent group to display all dedicated trunk probes, server probes, or both.
As mentioned earlier, the most common reason to use a proxy RMON agent is to provide RMON support on behalf of a device that does not have embedded RMON. But there are times when you may want to use proxy RMON to monitor a device that does have embedded RMON support.
In such a case, the RMON counters within the device map directly to the corresponding mini-RMON groups within the proxy agent. Some of the reasons you may want to set up a proxy agent to monitor an embedded RMON device include:
| Reason | Description |
|---|---|
| One-point monitoring with multiple applications | If you have multiple TrafficDirector applications polling the device for RMON related information, you may want to set up a single proxy agent to poll the device and have the multiple TrafficDirector applications poll the proxy agent instead. This reduces CPU and memory requirements in the device. For example, if you launch Traffic Monitor, Segment Zoom, Segment Statistics, and Short- and Long-Term History graphs to monitor a switch, each of these applications will poll the switch for RMON data. Instead, set up a SwitchProbe device to proxy the switch, and let the multiple TrafficDirector applications poll the agent. |
| Probe accessibility | The probe can be used to proxy the switch and provide RMON information on behalf of each switch port. For example, a management station may be monitoring a network segment connected through an out-of-band SLIP connection to the probe but does not have direct access to a switch. |
| Limited resources when implementing RMON groups | A device with an embedded RMON agent may not have the resources needed to implement certain RMON groups. In this case, you can enable only the statistics group on each port and set up an external proxy agent to monitor the device. The proxy agent will perform SNMP gets to retrieve those statistics and map them to the remaining mini-RMON groups. That same proxy agent could also be used to focus full RMON on a selected port if the device supports roving RMON and the probe has the needed analyzer port connection. |
Before you can monitor a switch, you must add it to TrafficDirector. You add a switch to TrafficDirector in the same way and for the same reason you add an agent--so TrafficDirector will recognize it. This is where you define any proxy, roving, or dedicated agents you are using to monitor the switch and its associated traffic.
Then, whenever you launch a TrafficDirector application for the switch, the display includes all switch ports, as well as any proxy, roving, and dedicated agents included in the switch definition.
Before you begin to add a switch to TrafficDirector, please make sure of the following:
When you add a switch to TrafficDirector, you must specify the type of switch you want to monitor. Based on your selection, you can use mini-RMON, proxy RMON, or roving RMON to monitor the switch. Table 3-1 shows the switch models currently supported by TrafficDirector and the RMON monitoring strategy recommended for each.
| Switch | Mini-RMON | Roving | Proxy RMON |
|---|---|---|---|
| Catalyst 1200 | X | | |
| Catalyst 1700 | X | | |
| Catalyst 1900 | X | | |
| Catalyst 2100 | X | | |
| Catalyst 2800 | X | | |
| Catalyst 2900 | X | X | |
| Catalyst 3000 | X | X | |
| Catalyst 3100 | X | X | |
| Catalyst 3200 | X | X | |
| Catalyst 5000 | X | X | |
Use the following procedure to add a supported switch to TrafficDirector. Once you add the switch, you can monitor network traffic for any ports on the switch, as well as any roving or dedicated agents associated with that switch.
Step 1 From the TrafficDirector main window, click the New button to the right of the Switches list. The New Switch window (Figure 3-6) is displayed.

Step 2 Fill out the top two-thirds of the window according to the following information:
| Field | Description |
|---|---|
| Switch Name | Enter a name for the switch you want to add. The switch name can be up to 15 alphanumeric characters and is case sensitive. You can also use dashes and underscores, but no spaces. |
| IP Address | Enter the IP address of the switch on the network. |
| Switch Type | Click this button to pull down a menu of available switch models and to select the model of the switch you are adding. |
| Read Community | Enter the read community string for the switch. The default read community is public. |
| Write Community | Enter the write community string for the switch. The default write community is public. |
| Retry Count | This is the number of times TrafficDirector tries to reach the switch if it gets no response. The value must be an integer and be equal to or greater than 1. The default value is 2 times. |
| Timeout (secs) | This is the length of time TrafficDirector waits before retrying an SNMP request. The value must be an integer and be equal to or greater than one. The default value is 5 seconds. |
| Roving Agent | If you are setting up a roving or proxy agent to monitor the switch, the name of the agent must be displayed in this field. Select the button to the right of the field, then select the name of the agent from the Agent List and click OK. You can include this agent in the display when you are monitoring the switch. |
Use Step 3 through Step 5 to define up to four agents as dedicated (meaning that you are using these specified agents to monitor trunk and server critical links).
Step 3 Click the box immediately to the right of the Dedicated Agent field.
The Agent List window (Figure 3-7) is displayed.

Step 4 Select the dedicated agent from the Agent List, then click OK.
The agent name is displayed in the Dedicated Agent field.
Step 5 You can now define the agent as a server or trunk probe. To do so, click the Where field to the right of the Dedicated Agent, then select Trunk or Server from the pull-down box. The default is Server. This lets you tailor your display to include only dedicated trunk or server probes monitoring critical links.
Step 6 Click OK to accept the switch definition and add the switch to TrafficDirector, or click Cancel to exit the New Switch window without adding the switch.
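The field rules in the New Switch procedure above can be checked across a whole set of switch definitions before they are entered. The following is an added example, not TrafficDirector code: the dictionary keys, finding codes, agent names, and sample inventory are assumptions made for illustration. Besides the stated field limits, it flags definitions left at the documented default community string public and definitions whose write string equals the read string.

```python
import ipaddress
import re

# Field rules taken from the New Switch table above; the dict keys are
# hypothetical names chosen for this example, not a TrafficDirector format.
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,15}")  # up to 15 characters, no spaces
DEFAULT_COMMUNITY = "public"                  # documented default, read and write
MAX_DEDICATED = 4                             # "up to four" dedicated agents
WHERE_VALUES = {"Server", "Trunk"}            # Where pull-down; default is Server


def audit_switch(defn):
    """Return a sorted list of (severity, code) findings for one definition.

    Community string values are never copied into a finding, so the report
    can be shared without disclosing them.
    """
    findings = []

    if not NAME_RE.fullmatch(str(defn.get("name", ""))):
        findings.append(("error", "bad-name"))

    try:
        ipaddress.ip_address(str(defn.get("ip", "")))
    except ValueError:
        findings.append(("error", "bad-ip"))

    # Retry Count and Timeout must both be integers >= 1 (defaults 2 and 5).
    for key, default in (("retry", 2), ("timeout", 5)):
        value = defn.get(key, default)
        if isinstance(value, bool) or not isinstance(value, int) or value < 1:
            findings.append(("error", f"bad-{key}"))

    read = defn.get("read_community", DEFAULT_COMMUNITY)
    write = defn.get("write_community", DEFAULT_COMMUNITY)
    if read == DEFAULT_COMMUNITY:
        findings.append(("risk", "default-read-community"))
    if write == DEFAULT_COMMUNITY:
        findings.append(("risk", "default-write-community"))
    elif write == read:
        # Anyone who holds the read string can also write.
        findings.append(("risk", "write-equals-read"))

    dedicated = defn.get("dedicated", [])
    if len(dedicated) > MAX_DEDICATED:
        findings.append(("error", "too-many-dedicated"))
    if any(a.get("where", "Server") not in WHERE_VALUES for a in dedicated):
        findings.append(("error", "bad-where"))

    return sorted(findings)


def audit_inventory(inventory):
    """Map each switch name to its findings, keeping only switches with any."""
    report = {}
    for defn in inventory:
        findings = audit_switch(defn)
        if findings:
            report[defn.get("name", "<unnamed>")] = findings
    return report


# Constructed sample inventory (addresses from the 192.0.2.0/24 documentation range).
SAMPLE = [
    {"name": "nycatswitch", "ip": "192.0.2.10"},  # everything left at defaults
    {"name": "core_sw-1", "ip": "192.0.2.11", "retry": 3, "timeout": 10,
     "read_community": "r0-example", "write_community": "w0-example",
     "dedicated": [{"agent": "fe_probe1", "where": "Trunk"}]},
    {"name": "lab switch 7", "ip": "192.0.2.300", "retry": 0, "timeout": 2.5,
     "read_community": "shared-example", "write_community": "shared-example"},
]

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE).items():
        for severity, code in findings:
            print(f"{name}: {severity}: {code}")
```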
Once you add a switch, you can get TrafficDirector to automatically learn the Ethernet and Fast-Ethernet ports. After TrafficDirector learns these ports, it creates a configuration file where this information is stored. Information in this TrafficDirector-created file includes port names, numbers, interface numbers, slot numbers, interface types, and speeds.
It is easy to find the configuration file containing the port definitions because TrafficDirector uses the switch name you specify and then adds the .swp file extension. For example, if you ask TrafficDirector to learn ports for a switch you have named nycatswitch, the configuration file created is named nycatswitch.swp. Keep in mind that for TrafficDirector to learn the ports on a switch, you must first add the switch definition (see the "Adding a New Switch to TrafficDirector" section for details). To have TrafficDirector learn switch ports, use the following procedure.
Step 1 From the TrafficDirector main window, find the name of the switch you want TrafficDirector to learn port information about and highlight it.
Step 2 Click the Learn button to the right of the Switches list.
In the status bar of the TrafficDirector main window (bottom left corner), you will see two messages. The first message is Learning ports for <switchname>... and the second message is Switch ports learned for <switchname>.
Once TrafficDirector has learned the ports for the specified switch, you can begin using it to monitor traffic and perform other diagnostic functions, as described in this manual.
At times, you may need to edit a switch definition. Whenever you need to do so, use the following procedure.
Step 1 From the TrafficDirector main window, click the Edit button to the right of the Switches list.
The Edit Switch window (Figure 3-8) is displayed.

Step 2 Edit the existing definition as necessary. For information on what type of information is required for each field, see the "Adding a New Switch to TrafficDirector" section. Keep in mind that the Edit Switch window is identical to the New Switch window. This means that you can use the information in the referenced procedure to easily edit any switch you have defined.
Step 3 When you have finished making the necessary changes, click OK to save the modified definition, or click Cancel to close the window without saving your changes.
Whenever you remove a switch from the network or if you do not need to monitor it, you can delete it from the definitions in TrafficDirector. To do so, use the following procedure.
Step 1 From the TrafficDirector main window, click the Delete button to the right of the Switches list.
The TrafficDirector confirmation window (Figure 3-9) is displayed.

Step 2 Do one of the following: