Per connection measurement limitation - SNMP



  1. Per connection measurement limitation

    Howdy All!

    I am new to SNMP and am still trying to wrap my head around a few of the
    basic concepts. I have been reading a book by William Stallings and he
    mentions a limitation to SNMP that occurs because of the nature of MIB-II:

    "All that can be measured at a system is the total TCP traffic in and out,
    not the per-connection TCP traffic."

    He says the consequence of this is that the data held in an MIB on one
    machine is not 'fine grained enough' to tell *where* a rise in traffic to
    that machine might be coming from.

    Is this still a valid limitation?
    Are there any tools or techniques that can be used to get around this?

    I had two thoughts:
    - the rise in traffic at that one machine must be accompanied by a similar
    rise in traffic in surrounding machines, which seems to invite a pattern
    matching algorithm to determine the path of rising traffic;
    - why can't route recording features of IP be used to record the addresses
    that packets have been through?

    Thanks for any advice!

    Rob




  2. Re: Per connection measurement limitation

    Hi,

    The RMON MIB modules contain MIB object definitions that when
    supported provide traffic information on monitored networks.

    On Wed, 18 Feb 2004, it was written:
    > Howdy All!
    >
    > I am new to SNMP and am still trying to wrap my head around a few of the
    > basic concepts. I have been reading a book by William Stallings and he
    > mentions a limitation to SNMP that occurs because of the nature of MIB-II:
    >
    > "All that can be measured at a system is the total TCP traffic in and out,
    > not the per-connection TCP traffic."
    >
    > He says the consequence of this is that the data held in an MIB on one
    > machine is not 'fine grained enough' to tell *where* a rise in traffic to
    > that machine might be coming from.
    >
    > Is this still a valid limitation?
    > Are there any tools or techniques that can be used to get around this?
    >
    > I had two thoughts:
    > - the rise in traffic at that one machine must be accompanied by a similar
    > rise in traffic in surrounding machines, which seems to invite a pattern
    > matching algorithm to determine the path of rising traffic;
    > - why can't route recording features of IP be used to record the addresses
    > that packets have been through?
    >
    > Thanks for any advice!
    >
    > Rob
    >


    /david t. perkins


  3. Re: Per connection measurement limitation

    Thanks David!

    > The RMON MIB modules contain MIB object definitions that when
    > supported provide traffic information on monitored networks.


    Rob




  4. Re: Per connection measurement limitation

    Robert Mark Bram wrote:

    > I am new to SNMP and am still trying to wrap my head around a few of the
    > basic concepts. I have been reading a book by William Stallings and he
    > mentions a limitation to SNMP that occurs because of the nature of MIB-II:


    > "All that can be measured at a system is the total TCP traffic in and out,
    > not the per-connection TCP traffic."


    > He says the consequence of this is that the data held in an MIB on one
    > machine is not 'fine grained enough' to tell *where* a rise in traffic to
    > that machine might be coming from.


    > Is this still a valid limitation?


    Truth is that the standardized TCP-MIB only supports counters for
    system-wide statistics. You can of course define another MIB which
    provides more fine grained information. There is actually an ID
    which proposes extended TCP statistics. This is of course work in
    progress and as such not readily available on the boxes you might
    have in your network.

    For more details, see .

    /js

    --
    Juergen Schoenwaelder International University Bremen
    P.O. Box 750 561, 28725 Bremen, Germany
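
Added example, not part of any post in this thread: a sketch of what a poller can and cannot learn from the MIB-II (RFC 1213) tcp group discussed above. The two polls are constructed sample data in numeric snmpwalk-style form, and the function names are hypothetical. It shows that the segment counters are system-wide, while tcpConnTable rows carry only endpoints and state, so the traffic delta cannot be attributed to a peer.

```python
# Added illustration; the poll data below is constructed, not captured from a real agent.
TCP_IN_SEGS = "1.3.6.1.2.1.6.10.0"        # tcpInSegs, system-wide Counter32
TCP_OUT_SEGS = "1.3.6.1.2.1.6.11.0"       # tcpOutSegs, system-wide Counter32
TCP_CONN_STATE = "1.3.6.1.2.1.6.13.1.1."  # tcpConnState column of tcpConnTable
STATES = {1: "closed", 2: "listen", 5: "established", 11: "timeWait"}

POLL_T0 = """\
.1.3.6.1.2.1.6.10.0 = Counter32: 4294967000
.1.3.6.1.2.1.6.11.0 = Counter32: 1000
"""
POLL_T1 = """\
.1.3.6.1.2.1.6.10.0 = Counter32: 704
.1.3.6.1.2.1.6.11.0 = Counter32: 1600
.1.3.6.1.2.1.6.13.1.1.192.0.2.10.22.198.51.100.7.51514 = INTEGER: 5
.1.3.6.1.2.1.6.13.1.1.192.0.2.10.80.203.0.113.9.40022 = INTEGER: 5
"""

def parse(walk):
    """Map numeric OID -> integer value for each varbind line."""
    out = {}
    for line in walk.strip().splitlines():
        oid, rhs = line.split(" = ", 1)
        out[oid.lstrip(".")] = int(rhs.split(": ", 1)[1])
    return out

def counter32_delta(old, new):
    """Difference between two Counter32 samples, allowing one wrap at 2**32."""
    return (new - old) % 2**32

def connections(varbinds):
    """Decode tcpConnTable rows; the index is localAddr.localPort.remAddr.remPort."""
    rows = []
    for oid, state in varbinds.items():
        if oid.startswith(TCP_CONN_STATE):
            idx = oid[len(TCP_CONN_STATE):].split(".")
            rows.append({"local": ".".join(idx[0:4]) + ":" + idx[4],
                         "remote": ".".join(idx[5:9]) + ":" + idx[9],
                         "state": STATES.get(state, str(state))})
    return rows  # note: no per-row segment or octet counter exists to decode

def summarize(t0, t1):
    a, b = parse(t0), parse(t1)
    return {"in_segs": counter32_delta(a[TCP_IN_SEGS], b[TCP_IN_SEGS]),
            "out_segs": counter32_delta(a[TCP_OUT_SEGS], b[TCP_OUT_SEGS]),
            "connections": connections(b)}

if __name__ == "__main__":
    print(summarize(POLL_T0, POLL_T1))
```

The 1000 inbound segments in the interval belong to the host as a whole; both listed peers are equally plausible sources as far as this data goes.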
