There are several different measurement technologies that can be used to provide data. To be successful, a technology needs to be widely accepted, efficient, useful, and very general. The following discusses some different technology and hopefully you will come to the conclusion that there are many 'less than perfect' approaches.
Control Blocks analysis is standard technology when there is nothing better. The problem with using control blocks is that if the control blocks change, so does the measurement facility.
In VM, many performance monitors make extensive use of the CP Diagnose command to acquire data. The monitors are often months if not years behind in support of new releases of VM. And supporting new releases of VM may be cost prohibitive, leaving the users without monitors when the system is upgraded.
In UNIX, the analogy is dev/kmem, giving program access to kernel data. With over 100 unix variants, maybe thousands of monitor variants were required to retrieve data. Thus no dev/kmem based monitor exists that claims to monitor all flavors of Unix.
For IP stacks, the analogy continues to netstat. The netstat command is an interface to TCPIP control blocks. These control blocks certainly contains useful information, but each tcpip stack and each level of that stack requires a netstat that can read the control blocks.
Standard Interface exist that do not have the same drawbacks. For VM, there is the CP Monitor. When VM changes, the monitor is upgraded concurrently. The standard interface provided by the CP monitor means that one version or release of a monitor product (such as ESAMAP or ESAMON) can support any release of VM/XA, VM/ESA or z/VM. Old releases of ESAMON still operate on z/VM. And ESAMON and ESAMAP were updated in just a few hours to fully support z/VM.
For network data, there is the same type of standard interface - SNMP, Simple Network Management Protocol. Using standard SNMP data requests, data from almost any network device or host is available in a standard format. ESATCP uses this protocol to collect data to report network traffic and errors. When TCPIP is updated or enhanced, ESATCP keeps operating without change. APPLMON)
If you were to provide an ideal monitor for linux, what would the architecture be? Hopefully something as easy to use as SNMP or the VM Monitor facility.
Examples of using Technology
Ping is widely used as a measurement facility, because it can measure a specific connection at a specific time. But PING does not measure user traffic, only a given response time between two nodes at a given time. Thus, unless you have a tool that evaluates all your current connections and performs pings at approximately the same time as the users are transmitting data the data will vary widely from end user perception. There are several other objections to using ping, the best heard yet was that an installation turned off the ping based monitor and network traffic dropped 40%. A monitor should not cause performance problems...
Another technology sends out a java applet to run in the browser to measure the user's transactions from the user's perspective. If your users allow java to run on their browsers, this can provide data for a web application, but web is not the only IP application. A more general approach is required to ensure consistent data is available for all applications.
Almost all IP stacks provide a netstat command to provide performance data of the network applications. The issue with netstat is how would you collect this data for hundreds of servers? Logon to each server and acquire the data manually? or write an interface that then sends the data back to a central server for analysis? Certainly doable, but when you have different levels of software on all your servers, who is going to update all the interfaces? is this an issue?
The standard SNMP data is referred to as MIBII. This is what provides instrumentation on network traffic and errors.
There is also a set of HOST MIBS defined that measures the host resources. This implementation is discussed in SNMP.
RMFPM is an agent provided by IBM from the zSeries Performance Management Development organization. This Free agent runs under linux. This implementation is discussed in RMFPMS.