Network Monitoring

What Is Network Monitoring?

Network Monitoring Overview

Explanation of network monitoring metrics

Network monitoring tools can continuously measure a set of metrics that indicate the network performance issues in the IT infrastructure. Common metrics include:

• Availability: Availability monitoring helps administrators track the uptime of switches, routers, firewalls and other critical infrastructure components so they can address problems before they impact the business.
• Throughput: Throughput is the rate of data delivered successfully from a given source to the destination over a specified channel.
• Delay (or latency): Network delay or latency is the amount of time it takes for a data packet to go from the source to the destination and is primarily caused by the distance between them.
• Delay variation (or jitter): Delay variation or Jitter is defined as a variation in the delay of received packets. It can be caused by a number of factors including network congestion, collisions, and signal interference.
• Loss: Packet loss occurs when one or more transmitted data packets fail to arrive at their destination. This can cause noticeable application performance issues, since packets have to be retransmitted before they can be received and processed.

Why is network monitoring important?

Network monitoring offers many benefits, including:

• Reduced downtime: The network is a critical aspect of any digital business and involves heterogenous components both in the LAN and the WAN, with some portions which are not in direct control of the organization. The availability and performance of various IT entities accessed over the network need to be monitored continuously in order to ensure that business operations are not impacted and that downtime can be minimised by both pro-active and reactive approaches. Understanding the network’s normal performance and behavior is essential for determining its efficiency and how it can be improved.
• Improved efficiency and reduced MTTR: Network monitoring helps reduces mean time taken to repair (MTTR), that is the amount of time the IT team needs to spend to resolve issues, since they now know what specific issues are impacting performance and therefore are in a better position to troubleshoot and resolve them.
• Better visibility across networks: As systems extend beyond on-premises and include hybrid (on-premises and cloud) approaches as well as multi-vendor environments, visibility becomes increasingly difficult to achieve. Network monitoring could provide a way to ensure their performance and security.
• Capacity planning: Network monitoring allows you to identify application performance and other trends and extract data to be used to justify the need for upgrading capacity or technology to meet business needs.

What are different network monitoring methods?

Network performance monitoring is achieved using passive and active (a.k.a. synthetic) methods. In addition, monitoring of network traffic data is accomplished passively as explained below.

What is active or synthetic network monitoring?

In active monitoring methodology, specialized monitoring probes are used for performance measurements. The advantage of this approach is that it is not dependant on the availability and proper functioning of the network devices and would have the capability to provide higher frequency fine-grained measurements, without loading the network. Hence this capability will increasingly be deployed for monitoring critical resources in today’s business critical environments. However, some organizations do not prefer this approach since additional probes need to be introduced in their network.

What is passive network monitoring?

In passive monitoring methodology, the devices in the network themselves provide the necessary metrics. The advantage of this method is that the monitoring tool can perform monitoring by polling the network devices for determining all the metrics. While this approach is popular and most common, the disadvantage of this method, is that if the network devices malfunction or fail, the relevant metrics cannot be relied upon or be available. Also, this ideally requires a separate management network to connect the management interfaces of the network devices, though many organizations may choose not to do so.

What is network traffic monitoring or network flow monitoring?

Network traffic monitoring is a passive monitoring methodology for observing and analyzing network traffic for network performance, availability or security. It incorporates network sniffing and packet capturing techniques in monitoring a network and generally requires reviewing each incoming and outgoing packet.

While network performance monitoring provides performance metrics at the infrastructure level, network traffic monitoring gives visibility of performance metrics actually experienced by the various traffic flows, end to end.

One of the common industry approaches is the use of NetFlow, a network protocol system defined by Cisco. NetFlow is now part of the Internet Engineering Task Force (IETF) standard as Internet Protocol Flow Information eXport (IPFIX), and is widely implemented by many network equipment vendors. Though this is a popular approach, one disadvantage is that it uses sampling of the data, resulting in reduced network visibility that makes it challenging for teams to troubleshoot critical security threats or performance issues.

What are challenges in network monitoring?

IT operations in most organizations are typically occupied with day-to-day activities required to administer and keep IT infrastructure running. Their key focus would primarily be to ensure uninterrupted availability of resources required for optimal user experience.

The network is the common factor that connects all of them together and since this involves both LAN and WAN, any performance issues faced by end users in running their applications is usually first attributed to network problems. Often when that is the case, if network administrators don’t have sufficient visibility of the performance of all the networks, trouble-shooting and RCAs can take much longer.

Thus, typical challenges network administrators face include:

• Lack of control and visibility of WAN and its impact on end-to-end performance of business-critical applications
• Network monitoring tools that provide monitoring based on passive methods like SNMP, cannot be relied upon when device failures occur, since then no information is available just when they are needed the most
• Troubleshooting poor digital experience of remote users who are accessing enterprise applications over the internet, can be challenging especially when the monitoring tool used by the network administrator does not report any performance issues.
• Supporting hybrid environments – on-premises and cloud-based to provide a seamless experience can be difficult, especially when there isn’t sufficient visibility into cloud.

What are common monitoring systems?

Network monitoring tools are of broadly two types: Hardware-based and software-based.

Hardware-based network monitoring typically having traffic monitoring capabilities as well but can prove too expensive for many organizations.
Software-based network monitoring tools are more affordable and may support one or more of the following methodologies – Passive (polling/SNMP based), Flow monitoring, Active monitoring:

• On-premises software-based tools are those which installed in an organization’s servers. This is a traditional software model that is generally priced with a license fee and a maintenance plan for ongoing support.
• Cloud-based tools are those that are installed in public cloud. Because no software needs to be installed directly within the organization’s infrastructure, these tools can be installed and launched quickly. Cloud-based monitoring tools are licensed in a pay as you go, subscription model, offering a high level of flexibility.

How to find the best network monitoring tool?

When considering a network monitoring tool, you want to assess these key network monitoring capabilities:

Ease of use: Does the tool provide an intuitive user interface that makes it easy to monitor events, perform triage, and react to problems quickly?

Automatic discovery: Does the tool provide full visibility into every device on the network? A tool with automatic discovery can be really helpful by scanning the network for connected devices and automatically discovering new devices when they are added

Path view: Does the tool provide visual representation of the network showing how devices are connected to each other? This would aid in easier analysis of performance issues.

Customizable dashboards:  Does the tool provide the option to customize and filter what data is displayed on graphs and dashboards? This helps network administrators to ensure to focus on specific data sets.

Intelligent alerting: Is it possible to set up thresholds such that multiple alerts are avoided? How are alerts delivered? Can the alerts be received on ITSM tools deployed in the organization?

Critical resource monitoring: Is it possible to monitor specific resources which are mission-critical, at higher granularity and accord higher priority while triaging?

Diagnosis and root cause analysis (RCA) capabilities: Does the tool automatically include context and provide correlation capabilities (with AI/ML or without) to help trouble-shoot problems quickly

Scalability: Is network monitoring tool be able to scale as needs of the business grow?

Flexibility for on-premises or cloud licensing: Does the tool provide support for the type of deployment that your organization needs?

Support policy: What types of support options are available and are they aligned to your organizational needs and expectations?

Conclusion

Network architectures are constantly evolving and continue to grow increasingly complex as applications and business demands increase. Network monitoring provides the toolsets needed to stay ahead of performance problems and security threats — and resolve such issues before they impact users and the business. With the right tool, digital businesses can be prepared to face the above challenges.