What are your daily duties as a network administrator? You have to keep the network up and running. You have to answer calls like "X location is down" or "Y location is so slow". To fulfill these tasks you should monitor your network as described below.
- Monitor the network and react to device and line failures.
- Analyze line utilization and errors on the lines, so that you know the real network performance instead of guessing.
- Know who talks with whom, and how much bandwidth every single application needs.
- Sometimes, see the exact data flowing over the network.
If you have all this information, people will think twice before blaming the network for every problem. How can you achieve this?
We need a layered approach to understand network monitoring. I am not talking about network layers but about network monitoring layers. You have to understand these layers before deciding what network monitoring software you need. A simple summary looks like this:
- Preconditions of network monitoring.
- Up/Down monitoring
- Performance Monitoring / SNMP monitoring
- Who talks with whom / NetFlow monitoring
- Data capture / Data sniffing
Preconditions of Network Monitoring
Network documentation is essential to monitoring a network. Trying to set up network monitoring tools before the documentation is done is a waste of time: a tool only watches the devices and links it has been told about. You will see everything green on the screen while some of the redundant lines are actually down, and you will sit there without a single alert.
Documentation comes first.
Suggested tools: PowerPoint/Visio, NetViz
Up/Down monitoring
You have a map with red and green lights on it. Green means up, red means down. It is simple but powerful: you become aware immediately when something goes down.
This is based on ping. Almost every IP device supports ICMP echo/echo reply, so you can monitor all the IP devices in your network with ping. Keep in mind that a firewall or a host that filters ICMP makes a healthy device look down, so "no answer" means "unreachable from the monitoring station", not necessarily "off". To go one step further, you can monitor a single application on a device instead of the whole device. Network applications listen on TCP/UDP ports, so you can monitor an application by connecting to its TCP port (with telnet, for example): if the port accepts the connection, the application is listening. This only works for TCP; a UDP port does not answer a connection attempt. And an accepted connection proves that something is listening, not that the application behind it answers correctly.
Suggested tools: WhatsUp Gold, nmap
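The port-based check described above, as an added example that is not part of the original post or of any of the suggested tools. It polls a list of TCP services, reports each as up or down, and turns two consecutive polls into a list of state changes, which is what an alert should be based on. The target list, the labels and the loopback listener that stands in for a real service are assumptions made for the example.

```python
import socket

# Constructed target list for the example. The labels, addresses and
# ports are assumptions, not from the original post.
TARGETS = [
    ("mail server", "127.0.0.1", 25),
    ("intranet web", "127.0.0.1", 80),
]


def check_tcp_port(host, port, timeout=2.0):
    """Return True if a TCP handshake with host:port completes.

    A completed handshake only proves that something is listening; it does
    not prove that the application behind the port answers correctly.
    Refused connections and timeouts both count as 'down'. UDP services
    cannot be checked this way, because nothing answers a UDP 'connect'.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def poll(targets, timeout=2.0):
    """Poll every (label, host, port) and return {label: 'up' | 'down'}."""
    return {
        label: "up" if check_tcp_port(host, port, timeout) else "down"
        for label, host, port in targets
    }


def state_changes(previous, current):
    """Return {label: (old_state, new_state)} for targets whose state changed.

    This is what turns a map of green and red lights into alerts: only the
    transitions are worth paging somebody about, not every poll.
    """
    return {
        label: (previous.get(label), state)
        for label, state in current.items()
        if previous.get(label) != state
    }


def local_listener():
    """Open a loopback TCP listener on an ephemeral port. It stands in for a
    real service so the example can be run without any network."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    srv, port = local_listener()
    targets = TARGETS + [("demo service", "127.0.0.1", port)]
    first = poll(targets, timeout=1.0)
    srv.close()                       # simulate the demo service going down
    second = poll(targets, timeout=1.0)
    for label, (old, new) in state_changes(first, second).items():
        print(f"ALERT {label}: {old} -> {new}")
```

In a real poller the previous result is kept between runs (a small state file or database) so that a service which is down for a week generates one alert, not one per poll.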
Performance monitoring / SNMP monitoring
The lines are up, the devices are up, but life is still not perfect. People complain about the performance of the data lines. Are they saturated? Do we have packet loss on the lines? Are the routers running out of memory? We need SNMP to monitor the heartbeat of the network. One caveat before you enable it everywhere: SNMPv1 and v2c send the community string in clear text and the default communities are well known, so change the defaults, restrict polling to the management station with an access list, and use SNMPv3 with authentication (and privacy) where the devices support it.
Suggested tools: MRTG, SolarWinds Orion, PRTG
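The arithmetic an SNMP poller such as MRTG performs on the interface counters it collects, as an added example that is not part of the original post or of any of the tools named. Two samples of ifInOctets become a utilization percentage, the 32-bit counter wrap that breaks a naive subtraction is handled, and the same delta logic answers the packet loss question from ifInErrors. The counter values and the line speeds are constructed for the example.

```python
# Added example: the arithmetic behind an SNMP utilization graph. Counter
# values below are constructed; the interface speeds are assumptions.

def counter_delta(prev, cur, bits=32):
    """Units counted between two polls, allowing for one counter wrap.

    ifInOctets/ifOutOctets are 32-bit counters, so a naive cur - prev goes
    negative when the counter wrapped between the two polls.
    """
    if cur >= prev:
        return cur - prev
    return (1 << bits) - prev + cur


def utilization_percent(prev_octets, cur_octets, interval_s, speed_bps, bits=32):
    """Percent of link capacity used over one polling interval."""
    bits_sent = counter_delta(prev_octets, cur_octets, bits) * 8
    return 100.0 * bits_sent / (speed_bps * interval_s)


def max_safe_interval(speed_bps, bits=32):
    """Longest polling interval (seconds) before a counter running at line
    rate can wrap more than once between polls, after which counter_delta is
    silently wrong. On fast links poll the 64-bit ifHCInOctets/ifHCOutOctets
    (SNMPv2c/v3) instead, or poll more often."""
    return (1 << bits) * 8 / speed_bps


def error_rate_percent(prev_errors, cur_errors, prev_pkts, cur_pkts, bits=32):
    """Share of incoming packets with errors over the interval (ifInErrors
    against ifInUcastPkts): the 'do we have packet loss' question."""
    pkts = counter_delta(prev_pkts, cur_pkts, bits)
    if pkts == 0:
        return 0.0
    return 100.0 * counter_delta(prev_errors, cur_errors, bits) / pkts


if __name__ == "__main__":
    # Constructed samples: a 10 Mbit/s line polled every 5 minutes.
    samples = [(0, 37_500_000), (37_500_000, 150_000_000)]
    for prev, cur in samples:
        print(f"{utilization_percent(prev, cur, 300, 10_000_000):.1f}% used")
    print(f"gigabit link: poll at least every {max_safe_interval(1_000_000_000):.0f} s")
```

A gigabit interface fills a 32-bit octet counter in about 34 seconds, so the usual 5-minute polling interval only works with the 64-bit high-capacity counters; that is one reason to move the management traffic to SNMPv3 anyway.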
Who talks with whom / NetFlow monitoring
You realize that the line is full. Someone, or some application, is generating a high load of traffic. Who are they? Is it necessary traffic? On Cisco devices the "ip accounting" command gives an idea of the current traffic sources and destinations. But to analyze and optimize the traffic we need flow monitoring. We need to know source and destination IP addresses, TCP/UDP ports, and the number of packets and bytes for every conversation.
Everyone blames the network for slowness until you publish a network usage report that shows only 15% of the traffic is ERP traffic and the rest is Internet access.
Be aware that flow monitoring tools require far more server resources (disk and CPU) than up/down or SNMP monitoring, because of the huge amount of data they collect. Note also that NetFlow export is plain UDP without authentication, so restrict the collector to the exporters you know and do not let it be reached from user networks.
Suggested tools: Fluke NetFlow monitor, Paessler
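What a flow collector does with an export, as an added example that is not part of the original post or of the tools named: it packs and parses NetFlow v5 datagrams (the header and record layouts are the standard v5 ones), aggregates octets per source/destination pair for a top-talkers list, and classifies traffic by server port to produce the "15% ERP, rest Internet" report from the text. The addresses, the port-to-application map and the ERP port are assumptions made for the example.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

V5_HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte export header
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48-byte flow record


def build_v5(records, sequence=0):
    """Exporter side: pack (src, dst, proto, sport, dport, packets, octets)
    tuples into one NetFlow v5 datagram. Fields this example does not use
    (next hop, uptime stamps, AS numbers) are zero."""
    body = b"".join(
        V5_RECORD.pack(IPv4Address(s).packed, IPv4Address(d).packed, bytes(4),
                       1, 2, pk, oc, 0, 0, sp, dp, 0, 0, pr, 0, 0, 0, 24, 24, 0)
        for s, d, pr, sp, dp, pk, oc in records)
    return V5_HEADER.pack(5, len(records), 0, 0, 0, sequence, 0, 0, 0) + body


def parse_v5(datagram):
    """Collector side: return the flow records of one datagram as dicts.
    The record count in the header is checked against the real length, so a
    short or corrupted datagram raises instead of reading past the buffer."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    version, count = V5_HEADER.unpack_from(datagram, 0)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version {version})")
    if len(datagram) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("datagram truncated: fewer records than header claims")
    flows = []
    for i in range(count):
        (src, dst, _nexthop, _ifin, _ifout, pkts, octets, _first, _last,
         sport, dport, _pad, _flags, proto, _tos, _sas, _das, _smask, _dmask,
         _pad2) = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({"src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
                      "proto": proto, "sport": sport, "dport": dport,
                      "packets": pkts, "octets": octets})
    return flows


def top_talkers(flows, n=3):
    """Octets per (src, dst) pair, largest first: who talks with whom."""
    pairs = Counter()
    for f in flows:
        pairs[(f["src"], f["dst"])] += f["octets"]
    return pairs.most_common(n)


# Server ports used to label traffic in the report. The ERP port is an
# assumption for the example; use your own application's port.
APP_PORTS = {8000: "ERP", 80: "Internet", 443: "Internet"}


def application_share(flows):
    """Percent of octets per application, classified by the server port."""
    per_app = Counter()
    for f in flows:
        app = APP_PORTS.get(f["dport"]) or APP_PORTS.get(f["sport"]) or "other"
        per_app[app] += f["octets"]
    total = sum(per_app.values()) or 1
    return {app: round(100.0 * octets / total, 1) for app, octets in per_app.items()}


# Constructed sample export: three clients, an ERP server on 10.0.0.5:8000
# and a web proxy on 10.0.0.9 (addresses are invented for the example).
SAMPLE_EXPORT = build_v5([
    ("10.1.1.10", "10.0.0.5", 6, 51000, 8000, 120, 150_000),
    ("10.1.1.11", "10.0.0.9", 6, 51001, 443, 900, 600_000),
    ("10.1.1.12", "10.0.0.9", 6, 51002, 80, 400, 250_000),
])

if __name__ == "__main__":
    flows = parse_v5(SAMPLE_EXPORT)
    for (src, dst), octets in top_talkers(flows):
        print(f"{src} -> {dst}: {octets} bytes")
    print(application_share(flows))   # the report that ends the blame game
```

A real collector receives these datagrams on a UDP socket, usually port 2055, and stores every record; the length check in parse_v5 matters there because anything that can reach that port can send it arbitrary bytes.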
Data capture / RMON – Sniffer tools
Sometimes you need to see the exact data flowing on the line instead of information about it. Consider this sample scenario. After you find out that a web service is causing inappropriately high network traffic, the owner of the application can simply say, "No, we are not pushing that much data onto the network. This web service just responds Yes or No, and that is only 100 bytes." Here you need to sniff the data flow on the line. Maybe you will find that the web service responds Yes or No (100 bytes) and also sends the definition of the web service (6 kilobytes) with every call. Remember that a full capture contains whatever was on the wire, including passwords and personal data, so limit who may run captures and treat the capture files as sensitive.
Suggested tools: Wireshark, Gigamon
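The scenario above reduced to numbers, as an added example that is not part of the original post or of the tools named: a minimal pcap reader that parses Ethernet/IPv4/TCP frames and sums the application payload bytes sent to and from the web service, which is the figure to put in front of the application owner. The capture itself is constructed inline (addresses, ports, the 100-byte request and answer and the 6000-byte service definition are all invented for the example), so the block runs offline; the same reader works on a file saved by Wireshark or tcpdump in classic pcap format.

```python
import struct
from ipaddress import IPv4Address

PCAP_MAGIC = 0xA1B2C3D4     # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1


def tcp_frame(src, dst, sport, dport, payload):
    """Build an Ethernet/IPv4/TCP frame carrying payload. Checksums are left
    zero: this is test data for an offline parser, not traffic to send."""
    eth = bytes(6) + bytes(6) + b"\x08\x00"               # dst MAC, src MAC, IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0,
                     64, 6, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return eth + ip + tcp + payload


def write_pcap(frames):
    """Serialize frames into a pcap file image (what a sniffer would save)."""
    out = [struct.pack("!IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("!IIII", i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def read_pcap(data):
    """Yield the frames of a pcap image. Record lengths are validated, because
    a capture file is untrusted input like any other file format."""
    magic = struct.unpack_from("!I", data, 0)[0]
    endian = "!" if magic == PCAP_MAGIC else "<" if magic == 0xD4C3B2A1 else None
    if endian is None:
        raise ValueError("not a pcap file")
    if struct.unpack_from(endian + "I", data, 20)[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        if off + incl_len > len(data):
            raise ValueError("truncated capture record")
        yield data[off:off + incl_len]
        off += incl_len


def tcp_payload(frame):
    """(src, dst, sport, dport, payload) for an IPv4/TCP frame, else None.
    The IP total length is used so Ethernet padding is not counted as data."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack_from("!H", frame, 16)[0]
    tcp_off = 14 + ihl
    sport, dport = struct.unpack_from("!HH", frame, tcp_off)
    data_off = (frame[tcp_off + 12] >> 4) * 4
    payload = frame[tcp_off + data_off:14 + total_len]
    return (str(IPv4Address(frame[26:30])), str(IPv4Address(frame[30:34])),
            sport, dport, payload)


def bytes_per_direction(pcap_image, server_ip, server_port):
    """Application payload bytes sent to and from server_ip:server_port."""
    to_server = from_server = 0
    for frame in read_pcap(pcap_image):
        parsed = tcp_payload(frame)
        if parsed is None:
            continue
        src, dst, sport, dport, payload = parsed
        if dst == server_ip and dport == server_port:
            to_server += len(payload)
        elif src == server_ip and sport == server_port:
            from_server += len(payload)
    return {"to_server": to_server, "from_server": from_server}


# Constructed capture of one web service call (addresses and content invented):
# a 100-byte request, a 100-byte Yes/No answer, and a 6000-byte service
# definition the service sends back with every call, in 1200-byte segments.
CLIENT, SERVER, SPORT, DPORT = "10.1.1.10", "10.0.0.20", 52000, 8080
REQUEST = b"POST /answer HTTP/1.1\r\nHost: svc\r\n\r\n<ask/>".ljust(100, b" ")
ANSWER = b"HTTP/1.1 200 OK\r\n\r\n<answer>Yes</answer>".ljust(100, b" ")
WSDL = b"<definitions>" + b"." * 5973 + b"</definitions>"
SAMPLE_CAPTURE = write_pcap(
    [tcp_frame(CLIENT, SERVER, SPORT, DPORT, REQUEST),
     tcp_frame(SERVER, CLIENT, DPORT, SPORT, ANSWER)]
    + [tcp_frame(SERVER, CLIENT, DPORT, SPORT, WSDL[i:i + 1200])
       for i in range(0, len(WSDL), 1200)])

if __name__ == "__main__":
    print(bytes_per_direction(SAMPLE_CAPTURE, SERVER, DPORT))
```

The result for the constructed call is 100 bytes towards the service and 6100 bytes back, sixty times what the owner believes is sent; in Wireshark the same number comes from Follow TCP Stream or the Conversations statistics, but a script like this can be run over a day of captures.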