Table Of Contents
Capacity Planning and Trend Analysis
Fault Isolation and Troubleshooting
Independent RMON/RMON2 Statistics for Each SPAN Source
RMON/RMON2 in the Catalyst 5000 Family
Platform Requirements and Recommendations
Electromagnetic Emissions Certifications:
Data Sheet
Catalyst 5000 Family Network Analysis Module
The network analysis module for the Catalyst® 5000 Family enables users to monitor network applications, analyze network traffic patterns, troubleshoot protocol-related problems, and perform trend analysis for capacity planning. This module provides a fully integrated Remote Monitoring (RMON), RMON2, NetFlow, and Virtual LAN (VLAN) monitoring solution for the Catalyst 5000 Family LAN switch. The network analysis module is a component of the Cisco Systems enterprise traffic-monitoring solutions and complements the mini-RMON agent available on every Ethernet, Fast Ethernet, and Gigabit Ethernet switch port of the Catalyst 5000 Family. With CiscoWorks for Switched Internetworks (CWSI) campus traffic management application the network analysis module can be transparently roved to any switch port or VLAN to provide full seven-layer monitoring and powerful drill-down troubleshooting. The network analysis module supports simultaneous monitoring of multiple ports or VLANs and maintains independent RMON/RMON2 Management Information Base (MIB) group statistics for each data source. The module also performs NetFlow-to-RMON2 proxy for standards-based access to the Layer 3 traffic statistics gathered at backplane speeds by the NetFlow Feature Card (NFFC or NFFC2) on a Supervisor Engine III.Figure 1 Network Monitoring with Cisco CWSI Campus Applications
Application Monitoring
Network application monitoring is now possible for the Catalyst 5000 Family with an installed network analysis module. Application monitoring is provided via the RMON2 protocol distribution, application host, and application matrix tables on the network analysis module. These powerful MIB groups provide detailed information to determine the applications that are in use on the network, which hosts are accessing those applications, and which client and server pairs are generating the most traffic.Capacity Planning and Trend Analysis
With the trend-tracking capabilities of the network analysis module, network administrators now have visibility into network behavior for long-term planning. When combined with Cisco CWSI campus traffic management applications reporting applet, it is possible to determine bandwidth usage trends by switch port, trunk link, host system, network protocol, and application. As new users, servers, and applications are introduced onto the network, these tools provide valuable data for planning future network design and topology optimizations.Fault Isolation and Troubleshooting
The RMON filter and capture groups available on the network analysis module allow remote packet capture and detailed protocol analysis without ever leaving the network control center. It's no longer necessary to camp out in the wiring closet with a protocol analyzer waiting for an event to reoccur. Filters can be configured on the network analysis module to capture only specified packets from the monitored switch port or VLAN. For example, a filter may be set to capture only packets from or to a given host device or only packets of a certain protocol such as IPX®. Packets matching the preset filter are stored in buffers on the network analysis module. These captured packets are then uploaded on demand to the RMON console application for protocol decoding and further analysis.Traffic Pattern Analysis
The RMON2 network-layer host and network layer matrix groups on the network analysis module can determine which hosts are generating the most traffic for a given protocol and help identify heavy use conversations between pairs of network-layer addresses. This information is valuable to aid in understanding current network usage patterns and for optimization efforts in network design and topology evolution.VLAN Monitoring
The network analysis module provides individual RMON/RMON2 statistics for each Cisco Inter-Switch Link (ISL) or IEEE 802.1Q VLAN on a trunk link. Two powerful monitoring modes are available to analyze VLAN traffic with the network analysis module. The first, VLAN mode provides an overview of the traffic by VLAN traversing a trunk link. This mode shows the number of packets and bytes carried by each individual VLAN on the trunk. The second mode called VLAN agents can then be used to drill-down further by allowing the user to install any desired RMON/RMON2 group(s) for the traffic on each VLAN of interest. For example, it is possible to have network-layer host and matrix tables monitoring traffic on VLAN 2 while simultaneously monitoring network-layer host and application-layer host tables on VLAN 3 while at the same time performing a packet capture on VLAN 15.NetFlow Monitoring
With NetFlow data export the performance management capabilities of the Catalyst switches have been extended to provide comprehensive monitoring of all intersubnet flows passing through the NFFC and the Route Switch Module (RSM). The NetFlow data export mechanism captures Layer 3 traffic statistics as each NFFC cache entry expires. It then bundles several of these statistics records into a User Datagram Protocol (UDP) datagram and sends it to a NetFlow data collector such as an internal network analysis module. With the optional NetFlow monitoring feature enabled, the network analysis module will then proxy or map the NetFlow Layer 3 traffic statistics to the appropriate standards-based RMON2 MIB groups for analysis from CWSI campus or any RMON2 standards-compliant application.Fully Integrated RMON/RMON2
The network analysis module is completely integrated into the Catalyst 5000 Family switch and shares the switch's management IP address and Simple Network Management Protocol (SNMP) community strings for seamless access between mini-RMON and the extended RMON/RMON2 groups on the network analysis module. No external data cables, power cords, or console connections are required. The network analysis module consumes a single slot and can be installed into any Catalyst 5000, 5500, 5505, or 5509 chassis running Supervisor Engine software release 4.3 or higher.Independent RMON/RMON2 Statistics for Each SPAN Source
The network analysis module can simultaneously monitor multiple switch ports or VLANs and provides separate RMON/RMON2 statistics for each data source. The network analysis module maintains a dedicated set of RMON and RMON2 MIB group data tables for each Switched Port Analyzer (SPAN) source port or VLAN. For example, with three Ethernet client ports being monitored, the network administrator could be running a packet capture on one port, IP hosts and conversations on another, and a protocol distribution and application-layer matrix table on the last. The independent RMON/RMON2 groups for each SPAN source are accessed from any RMON application by using the SNMP MIB II ifIndex MIB object, which is assigned by the system to each port and VLAN.The network analysis module uses the SPAN mechanism in the Catalyst 5000 Family switch to rove or mirror switch traffic to the network analysis module from the selected port(s) and VLANs. The full RMON capabilities of the Network Analysis Module can then be applied to this selected portion of the switch's traffic. The Network Analysis Module supports the following data sources:
•
One or more Ethernet port(s)
•
•
•
RMON/RMON2 in the Catalyst 5000 Family
An internetworking device with an agent that supports the RMON and RMON2 MIBs can provide very specific and detailed information on your network. The embedded mini-RMON agent runs on the system supervisor engine and gathers statistics from the switch's port Application-Specific Integrated Circuits (ASICS) for the following RMON MIB groups: statistics, history, alarms, events, and the RMON2 probe/agent configuration groups. The network analysis module provides the dedicated CPU and memory resources required for the remaining groups of RMON and RMON2 as well as VLAN and NetFlow statistics monitoring. Table 1 details where each RMON and RMON2 MIB group is implemented in the Catalyst 5000 Family and which information each group provides.Table 1 RMON/RMON2 in the Catalyst 5000 Family
RMON Console Application
The Cisco CWSI campus network management application suite includes a powerful and flexible traffic management application that has been designed and optimized to monitor Catalyst switches. This application can automatically detect the presence of an installed network analysis module in a Catalyst 5000 Family switch and provides transparent roving of switch ports and VLANs to the network analysis module for detailed analysis.Module Hardware Features
The network analysis module provides a dedicated RMON/RMON2 processing engine based on a high-performance RISC CPU running at 150 MHz. This powerful CPU has 32-KB internal cache and uses a 64-bit data bus. A large 512-KB Level 2 cache resides on the module. The module ships with either 32 MB of DRAM or 128 MB of DRAM for the most demanding applications. The network analysis module has 8 MB of Flash memory, which stores the module's operating system and RMON/RMON2 agent and allows fast, easy image upgrades from anywhere. Additionally the module has a 512-KB nonvolatile RAM (NVRAM) area, which is used to store and automatically restore the last agent configuration after a system reset or power cycle.Platform Requirements and Recommendations
The network analysis module can be installed into any Catalyst 5000, 5500, 5505, or 5509 chassis. Any Supervisor Engine running software release 4.3 or higher will support the network analysis module. However, the Supervisor Engine III is recommended to ensure the best SNMP performance and the most reliable access to the RMON/RMON2 agent on the network analysis module under heavy traffic conditions.Module Hardware
•
•
•
•
•
•
Standards Compliance
•
•
•
Physical Specifications
•
•
(3.0 x 35.6 x 40.6 cm)Environmental Conditions
•
•
•
Regulatory Compliance
Safety Certifications:
•
•
•
•
Electromagnetic Emissions Certifications:
•
•
•
•
•
