Overview of RMON and RMON2

Definition

Remote Network Monitoring (RMON) and RMON2, defined by Internet Engineering Task Force (IETF), are widely used network management protocols. Their implementation is based on Simple Network Management Protocol (SNMP) and uses the same network management station (NMS) as SNMP to manage network elements.

RMON provides packet statistics collection and alarm functions for Ethernet interfaces. Management devices use RMON to remotely monitor and manage network elements. RMON2 is an enhancement of RMON.

SNMP Background

SNMP collects statistics on network communication by using the agent software embedded in managed devices. The NMS polls the agent to provide network communication information. The agent then searches the management information base (MIB) and returns the required information to the NMS, which manages the network based on the returned information.

The MIB counter only records the statistics, and cannot analyze history information on routine communication. To display traffic volume and changes for a whole day, the NMS must continue to pool and analyze network traffic based on the returned information.

SNMP polling has the following disadvantages:

• Occupies a large number of network resources. Polling generates many communication packets. On a large-sized network, congestion may occur and the network may even be blocked. SNMP also cannot recycle a large amount of data, such as routing information. It is therefore not appropriate for large-sized networks.
• Increases the burden on network administrators. Network administrators are responsible for using the NMS software to collect data. It is difficult to monitor more than three network segments.

RMON Advantages

IETF develops RMON to improve usability of network management information and lighten the burden on the NMS and network administrators. Compared with SNMP, RMON is more applicable to large-sized networks and can monitor traffic on one or more network segments. The characteristics of RMON are as follows:

• SNMP is the basis of RMON, and RMON is an enhancement of SNMP.

  RMON is implemented based on the SNMP structure and compatible with SNMP. A system running RMON consists of NMS and agents. Network administrators can use the SNMP NMS to implement RMON without additional training.

• RMON enables SNMP to monitor remote network devices effectively and actively.

  Using RMON, managed devices automatically send traps when alarm thresholds are exceeded. Therefore, the management devices do not need to obtain MIB variables by continuous polling and comparison. The RMON reduces traffic volume between the management and managed devices, and allows large-size networks to be more easily and effectively managed.

RMON defines multiple monitors to collect network management information in either of the following ways:

• The NMS obtains management information directly from the RMON probe and controls network resources. This allows the NMS to obtain all RMON MIB information.
• An RMON agent is embedded into a network device so that the device provides the RMON probe function. The NMS uses SNMP to exchange data with the RMON agent and collect network management information. Due resource limitations, the NMS only obtains information on statistics, history, alarms, and events groups.

Huawei devices have an embedded RMON agent. To implement network monitoring, the management device obtains information on traffic volume and error packet statistics. It also collects performance statistics on the entire network segment connected to the managed devices' interfaces.

RMON2

RMON2 is an extension of RMON, and has the same mechanism.

RMON and RMON2 both monitor traffic on Ethernet links. While RMON only monitors traffic at the MAC layer. RMON2 monitors traffic at the upper layers above the MAC layer.

RMON2 codes and decodes data packets from Layer 3 to Layer 7 of the OSI model. In RMON2, the RMON agents provide two major functions:

• Monitor traffic based on network layer protocols and addresses, including IP. This enables the agent to learn routes from the connected external LAN network segment and monitor traffic flowing to the LAN through the switch.
• Record the incoming and outgoing traffic of the specific application, such as email, FTP, or WWW.

The RMON agents on the managed devices collect statistics on IP packets on the network segments connected to the devices. They also monitor traffic on the network segments flowing from the hosts to the interfaces.