As computer networks grow in scale, complexity and device diversity, network management is becoming increasingly important in network construction, operation and maintenance. Network management provides an effective way to monitor, control and manage network resources so that a computer network operates safely, reliably and effectively with optimized performance.
SNMP is a popular network management protocol for the Internet, based on the TCP/IP protocol suite. With SNMP, the operation of a network can be monitored and analyzed, and through a network management application program the network can be managed and maintained. Nevertheless, the first-generation SNMPv1, which is in widespread use at present, has some limitations. For example:
SNMP samples information by polling, which not only wastes valuable bandwidth but also increases the traffic load of the network. In a large-scale network, polling produces a great number of management packets, which can cause congestion or even blockage in the network;
SNMP does not support a distributed management mode of manager-process to manager-process, so the whole task of sampling information is concentrated at the network management center, and the network management application program becomes a bottleneck of the network;
A management information base (MIB) is a database of information about a managed device, such as a router, switch or network server. The standard MIB-II (specified in RFC 1213) and vendor-specific MIBs provide only the local information of a single device, such as the state of the device interfaces, traffic volume and the number of error packets.
It is difficult to obtain management information about a whole network segment from the protocols mentioned above. As the Internet grows larger, it becomes necessary to control the performance of a network segment. Therefore, using only the standard MIB or vendor-specific MIBs to obtain management information from network devices cannot satisfy the management needs of a large-scale Internet.
In order to transmit management information more efficiently, decrease the load of the management application program, and satisfy the requirement of monitoring network segment performance, the Internet Engineering Task Force (IETF) proposed the remote network monitoring (RMON) protocol.
RMON provides a scheme for remotely monitoring a network segment through an interface. RMON extends SNMP and defines the interface between the SNMP-based management application program in the network management center and the agent-process in managed devices. With RMON, the data traffic of one network segment or of all networks can be monitored.
RMON provides a useful method for monitoring the operation of a sub-network, and it reduces the communication traffic between the manager-process and the agent-process. Through RMON, all kinds of traffic information about a network segment can be tracked and monitored, such as the total number of packets on a network segment during an interval or the total number of correct packets sent to a host computer during an interval. RMON also makes proactive monitoring of a network possible. A device that applies RMON technology can monitor network performance and record status on its own initiative. When a fault such as congestion occurs in a network, the management application program can be informed of the fault in time and then deal with it so that the fault is eliminated.
Usually, the alarm group and the event group work together to provide proactive management. For example, a management application program can configure the RMON alarm and event groups of a managed device to monitor an object of one of the device's interfaces, such as the number of input bytes on the interface (named ifInOctets in the MIB). When the total of ifInOctets during one minute exceeds a threshold, the managed device (the RMON agent-process) sends an alarm to the management application program. In this case, the monitoring function is transferred to and executed at the managed device. Therefore, polling for various statistics is avoided, network bandwidth is saved and the working load of the management application program is decreased.
The RMON alarm group can only monitor an independent object, such as the number of input bytes of an interface (ifInOctets) above; it cannot monitor information that combines multiple objects. In practice, it is necessary to monitor an expression of several independent objects. For example, a management application program may monitor the error percentage of the input packets of an interface in a managed device, and specify that an alarm must be sent to the management application program if the error percentage is more than 10% during a 10-minute period. The error percentage of the input packets of an interface is an expression of three independent objects, as follows:
Error percentage of interface input packets = ifInErrors / (ifInUcastPkts + ifInNUcastPkts).
The expression includes three objects of the interface: the number of input error packets ifInErrors, the number of input unicast packets ifInUcastPkts and the number of input non-unicast packets ifInNUcastPkts.
Since the RMON alarm group lacks the ability to monitor an expression that combines multiple independent MIB objects, such an expression can only be monitored with the general SNMP method. For example, for the error percentage of the input packets of an interface, the management application program sends an SNMP get-request packet every ten minutes to obtain ifInErrors, ifInUcastPkts and ifInNUcastPkts, respectively; the error percentage of the input packets of the interface is calculated and compared with 10% locally; when the error percentage exceeds the preset value, an alarm is sent out.
This procedure wastes not only a lot of network bandwidth, but also CPU time of the network management center. In a computer network, a network management center usually manages hundreds of routers, so if the utility factors of every interface of every managed device are managed by the network management center, network bandwidth will be wasted greatly and the working load of the network management center will exceed its capability.
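The manager-side calculation described above, written out as an added example (it is not part of the original text). It assumes the percentage is taken over the increase of each counter between two successive polls and that the counters are 32-bit values that wrap; the names `IfSample`, `delta`, `error_percentage` and `evaluate` are hypothetical, and the sample values are constructed.

```python
from dataclasses import dataclass

COUNTER32_MOD = 2 ** 32  # assumption: 32-bit interface counters that wrap to 0


@dataclass(frozen=True)
class IfSample:
    """One poll of the three MIB-II objects for a single interface."""
    if_in_errors: int
    if_in_ucast_pkts: int
    if_in_nucast_pkts: int


def delta(old: int, new: int) -> int:
    """Counter increase between two polls, tolerating a single wrap."""
    return (new - old) % COUNTER32_MOD


def error_percentage(prev: IfSample, curr: IfSample) -> float:
    """ifInErrors / (ifInUcastPkts + ifInNUcastPkts) over one interval, in %."""
    errors = delta(prev.if_in_errors, curr.if_in_errors)
    packets = (delta(prev.if_in_ucast_pkts, curr.if_in_ucast_pkts)
               + delta(prev.if_in_nucast_pkts, curr.if_in_nucast_pkts))
    if packets == 0:
        return 0.0  # idle interval: avoid dividing by zero
    return 100.0 * errors / packets


def evaluate(samples: list[IfSample], threshold_pct: float = 10.0) -> list[int]:
    """Indices of the polls that close an interval above the threshold."""
    return [i for i in range(1, len(samples))
            if error_percentage(samples[i - 1], samples[i]) > threshold_pct]


# Constructed samples, one per 10-minute poll (not real device data).
SAMPLES = [
    IfSample(100, 4_294_950_000, 2_000),
    IfSample(150, 4_294_959_000, 3_000),   # 50 / 10_000 packets = 0.5 %
    IfSample(1_650, 704, 4_000),           # ucast counter wrapped; 15 % -> alarm
    IfSample(1_650, 704, 4_000),           # idle interval, no packets
    IfSample(1_700, 9_704, 5_000),         # 50 / 10_000 packets = 0.5 %
]

if __name__ == "__main__":
    for i in evaluate(SAMPLES):
        pct = error_percentage(SAMPLES[i - 1], SAMPLES[i])
        print(f"alarm: poll {i} error percentage {pct:.1f}%")
```

Every interval costs three get-requests per interface even when nothing is wrong, which is the bandwidth and CPU overhead the text attributes to this procedure.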
In addition, RMON has another limitation. Once an alarm function of a managed device has been set, only an operator, such as a network administrator, can end the function. In practice, it is desirable that an alarm function can end automatically after running for a period of time, for example one day.