In today’s complex and rapidly evolving network environments, ensuring network stability and performance is crucial. Network monitoring has become a core component of network management, helping enterprises detect, prevent, and resolve various network issues. From traditional SNMP (Simple Network Management Protocol) to INT (In-band Network Telemetry) enabled by P4 programmable technology, and now the increasing adoption of open-source network monitoring tools, network monitoring technologies have undergone multiple stages of evolution. This article explores the development of these technologies and how they help enterprises manage and optimize their networks more efficiently.
SNMP: The Foundation of Network Monitoring
Initially, SNMP emerged as the standard for network monitoring, addressing fundamental network device management issues, especially in the 1990s and early 2000s. It provides device status information (such as port status, CPU usage, and memory utilization) and retrieves this data through polling.
What is SNMP?
SNMP (Simple Network Management Protocol) is a standard network management protocol used to collect and manage information from network devices. It allows administrators to monitor device health, performance, and faults, making it widely applicable for managing routers, switches, servers, and other network equipment.
How SNMP Works
- Polling-based Communication: SNMP relies on a Network Management System (NMS) that periodically sends requests to managed devices (such as switches and routers) to retrieve data. These requests are based on predefined standard data items in the MIB (Management Information Base).
- Trap Mechanism: Devices can proactively send alerts (Traps) to the NMS to report status changes, such as failures or threshold violations.
Advantages of SNMP
- Broad Compatibility: SNMP is an industry-standard protocol supported by almost all network devices and operating systems.
- Ease of Use: The protocol is simple, easy to deploy, and supported by various monitoring tools.
- Low Cost: SNMP-based monitoring relies solely on software and protocols, eliminating the need for additional hardware.
Limitations of SNMP
- Limited Functionality: SNMP mainly provides device status and basic performance data but lacks in-depth traffic analysis and troubleshooting capabilities.
- Poor Real-time Performance: Since SNMP relies on polling to retrieve information, it introduces latency, making it unsuitable for scenarios requiring high real-time accuracy.
- Security Concerns: Traditional SNMP versions (such as SNMPv1 and SNMPv2) lack robust security mechanisms and are vulnerable to attacks.
In-band Network Telemetry (INT) : Granular and Real-Time Network Monitoring
As networks scale and application demands diversify, In-band Network Telemetry (INT) has emerged to address some of the limitations of traditional SNMP, particularly in terms of real-time monitoring and accuracy.
What is INT?
INT is an advanced telemetry technology that embeds metadata inside data packets to monitor network performance in real time. This metadata includes critical information such as packet paths, latency, and packet loss rate, allowing administrators to gain detailed network insights without disrupting normal traffic flow.
INT collects, transmits, and reports network status information directly from the data plane. Unlike traditional monitoring methods, INT does not require additional service networks or dedicated ports; instead, it extracts data directly from within the network. The term “in-band” signifies that information is gathered from inside the transport network, while “telemetry” refers to measuring key network indicators and reporting them remotely for efficient network visualization.
How Does INT Work?
INT Header Format
Accurate telemetry data allows network operators to proactively identify blind spots and ensure efficient business operations. The INT header contains key data fields:
Ingress-port (9bit): Packet ingress port number
Egress-port (9bit) :Packet egress port number
Queue_id (5bit): Packet egress queue ID
Queue_occupancy (19bit): Queue occupancy rate
Timestamp (32bit): Packet egress timestamp
D (1bit): Indicates whether the original packet was dropped by the switch.
Q (1bit): Indicates whether congestion occurred in the egress queue of the original packet.
F (1bit): Indicates whether INT data collection was identified through ACL matching.
Seq_number (32bit): Packet counter, representing the number of INT data transmissions for the packet.
Timestamp (32bit): Ingress port timestamp of the packet.
How Does Telemetry Realize Network Traffic Visualization
Generally speaking, an INT domain contains three main function nodes, INT Source, INT Sink and INT Transit Hop.
For the telemetry operater, the traffic that needs to be telemetry will add an INT header to the source node, which contains an instruction set (INT Instruction) indicating the collected information, thus becoming an INT message. When the INT Transit Hop node is installed, the collected information (INT Metadata) will be inserted into the INT message according to the instruction set, and finally all the INT information will be popped up on the INT Sink node and sent to the monitoring device.
For users, the INT processing of traffic is completely transparent and users cannot and do not need to perceive the process.
Let us review the process in detail:
- Host H1 sends a data packet to H2
- SW1 inserts the INT header into the packet, the header source is SW1 and the sink is SW3
- SW1’s instruction is to collect SW ID and forwarding delay
- SW1 inserts its own ID and forwarding delay from ingress to exgress
- the middle switch SW2, SW3 repeat this process
- SW3 is the INT sink, which is responsible for summarizing the INT collection information and sending it to the report server.
Key Advantages of INT
- Proactive Data Push: Network devices proactively push critical data based on predefined rules, eliminating the need for passive polling.
- No Control Plane Intervention: Data collection operates independently of the control plane, reducing device workload and optimizing resource allocation.
- Nanosecond-Level Timestamping: INT natively supports nanosecond-precision timestamps, ensuring highly accurate data collection.
- Fast Response: Data is collected directly within the data plane chipset, minimizing latency and significantly improving monitoring efficiency.
Disadvantages:
- High hardware requirements: INT requires network devices to support specialized metadata tagging functions, which means the necessary hardware and configurations can be expensive.
- High complexity: Implementing and maintaining INT is relatively complex, requiring advanced technical expertise and deployment experience.
- Limited application scenarios: Mainly suitable for large-scale networks with high-performance demands and complex traffic patterns; typically not ideal for small and medium-sized enterprises.
For more about INT please visit : What is INT(In-band Network Telemetry
Open-source Network Monitoring Applications: Flexible, Efficient, and Cost-effective
In recent years, with the rise of open-source software, open-source network monitoring tools have become a new trend in enterprise network management. These tools, built on open-source architectures, provide real-time monitoring, data collection, performance analysis, and alert notifications. Compared to traditional SNMP and INT protocols, open-source monitoring solutions focus more on flexibility, customization, and advanced feature expansion.
Popular open-source network monitoring tools include Prometheus, Zabbix, Nagios, Icinga, and Cacti. These tools not only support traditional SNMP and INT protocols but also enhance network management by integrating modern monitoring technologies such as traffic analysis, historical data analytics, automated alerts, and deep monitoring.
Advantages of Open-Source Network Monitoring Tools
- High Flexibility: Users can customize monitoring metrics, alert rules, and reports based on specific needs. The ability to modify code, configurations, or even develop new plugins allows for tailored network monitoring.
- Lower Costs: Open-source software eliminates licensing fees, meaning enterprises only need to cover deployment and maintenance costs, significantly reducing monitoring expenses.
- Real-time Monitoring & Alerts: With advanced traffic analysis and alert mechanisms, issues can be detected and addressed promptly.
- Seamless Integration: Open-source tools can be integrated with various third-party systems, such as automation platforms and log management tools, enabling cross-platform network management.
- Community Support: Open-source projects typically have active developer and user communities, providing frequent updates, troubleshooting, and technical support.
Challenges of Open-source Network Monitoring
- Complex Configuration: Some open-source monitoring tools require detailed configuration and customization, which may demand additional technical expertise.
- Integration Challenges: As network environments become more complex, seamlessly integrating open-source tools with existing hardware and software infrastructure can present technical difficulties.
Despite these challenges, open-source network monitoring tools offer a powerful and cost-effective alternative to traditional solutions, making them an attractive choice for enterprises seeking greater control and scalability in their network management strategies.
How Should Enterprises Choose Between INT, SNMP, and Open-Source Network Monitoring Software?
When selecting INT, SNMP, or open-source network monitoring software, enterprises should consider business needs, network scale, budget, and technical capabilities. Below is an analysis of different solutions to help make the best choice.
| Feature/Method | INT (In-band Network Telemetry) | SNMP (Simple Network Management Protocol) | Open-source Tools (e.g., Prometheus) |
| Real-time Capability | High | Low (typically periodic polling) | Medium (depends on polling frequency) |
| Complexity | High (requires supported hardware and software configuration) | Low (easy to configure and use) | High (requires setup and maintenance) |
| Data Granularity | Very High | Low | High (depends on custom metrics) |
| Device Support | Requires specific devices (SDN-enabled devices) | Almost all devices support it | Depends on device support or external plugins |
| Security | High (usually with encryption and authentication) | Low (older versions lack encryption) | Medium (depends on configuration and external security measures) |
| Use Cases | Real-time, high-precision network monitoring | Basic device status monitoring | Flexible monitoring, suitable for custom needs |
How Should Enterprises Choose?
✅ Choose SNMP if:
- Your company is a small or medium-sized business that only needs basic network monitoring (device status, CPU, port traffic, etc.).
- You have a limited budget and want a simple, widely compatible solution.
- You do not require high real-time precision, and periodic polling is sufficient.
👉 Recommended Solution: Use Zabbix or Nagios combined with SNMP for monitoring.
✅ Choose INT if:
- Your company operates large-scale data centers, cloud computing, or 5G networks, requiring high-precision, packet-level monitoring.
- You need granular visibility into network latency, packet loss, and queue occupancy for mission-critical applications such as finance, AI training, or CDN platforms.
- Your network hardware supports P4-programmable switches, enabling INT capabilities.
👉 Recommended Solution: Use INT-compatible high-end switches and an INT collector for data aggregation.
✅ Choose Open-Source Monitoring Software if:
- You need both device status monitoring and advanced features like log analysis, traffic insights, and automated alerts.
- You want a low-cost, highly customizable solution that integrates with SNMP, sFlow, INT, and other protocols.
- Your IT team has DevOps expertise and can maintain or optimize an open-source monitoring system.
👉 Recommended Solution:
- Prometheus + Grafana (best for cloud-native and Kubernetes monitoring)
- Zabbix + SNMP/Agent (best for enterprise IT operations)
- Nagios/Icinga (best for traditional network monitoring)
Summary: Which Monitoring Approach Is Best for You?
✅ If you only need basic device monitoring (CPU, memory, port status) → Choose SNMP.
✅ If you need real-time, packet-level traffic analysis → Choose INT (best for data centers & 5G).
✅ If you need a flexible, feature-rich, and scalable monitoring solution → Choose open-source network monitoring software (best for medium-to-large enterprises).
For enterprises with high demands for visibility, log analysis, and automated alerts, open-source tools are the best choice. However, for those operating high-performance networks (e.g., 5G, supercomputing centers), INT is the most suitable solution.
