Network Monitoring 101

Network monitoring is far more complex than its name implies – ask anyone in the field. Technically speaking, network monitoring is the systematic checking of key performance metrics to ensure that quality of service and network capacity stay within predetermined boundaries. Simply put, network monitoring examines an internal network for problems or irregularities with the end goal of ensuring network uptime.

To complete the task of network monitoring, network engineers are equipped with tools that provide them with an overall as well as a granular view of the network. There are three main technologies that are primarily used for network monitoring: SNMP, flow-based monitoring, and packet-based monitoring. Each of these technologies has benefits and downsides.

With that in mind, let’s look at each of the technologies used in network monitoring and determine which one(s) might be the best option for your business.

Simple Network Management Protocol (SNMP)

SNMP is one of the oldest network monitoring techniques on the market, and its main purpose is to manage devices on IP networks. These devices typically include routers, switches, servers, workstations, printers, and others. SNMP data provide network engineers with a high-level view of the condition of networked devices. With SNMP you can see, for example, the core temperature of a device, how many users are accessing a device, overall throughput (for network connections), etc.

This device view is one of the major reasons why SNMP is still frequently used. However, one of the drawbacks to SNMP is that it is based on polling: each device must be configured before meaningful data can be obtained, and a polling interval must be specified, typically every minute or longer. As the number of devices being monitored grows, SNMP polling can create a significant amount of network traffic, further taxing the network you’re trying to monitor. In addition, detailed troubleshooting and root-cause analysis of network issues is not possible with the level of data available via SNMP, so even if you know that a device has a problem, you typically cannot determine the exact nature of the problem in order to fix it.

SNMP is a bit archaic as a network monitoring solution, but it still provides one of the best ways to see device metrics and summary-level activity on your network. Just be aware of the network overhead associated with SNMP solutions and the limited ability to perform root-cause analysis.

Flow-based Monitoring

Flow-based monitoring solutions are by far the most popular solutions on the market today. Flow-based solutions use existing resources like network switches and/or routers to obtain data that is already being processed by these devices. This approach can be very cost-effective because it eliminates the need for additional hardware and software to obtain network data for analysis.

Flow-based technologies are intended to provide network engineers with an overview of network performance, including information like application performance and overall bandwidth utilization. Flow-based systems analyze seven distinct characteristics of each packet on the network and group the overall data into network conversations. All network statistics must be compiled on the basis of these seven characteristics and the resulting network conversation data.

For all the positives that flow-based solutions can provide a network engineer, they lack the ability to zero in on specific problems that require deeper packet information and decodes. In addition, flow-based systems can tax the very devices being used to run your network – your switches and routers – when networks get busy. In this case, network devices will default to their primary objective, routing IP packets, and loss of flow-based data and analysis can result.
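
An added example, not part of the original article: a small flow aggregator in Python that groups constructed packet records into conversations on seven key fields and keeps only counters. The article does not name the seven characteristics; the field list here assumes the classic NetFlow v5 key (source and destination IP, source and destination port, IP protocol, ToS byte, input interface), and aggregate_flows, FLOW_KEY and the sample packets are illustrative names.

```python
from collections import namedtuple

# One captured packet; the payload is what a packet-based tool would keep.
Packet = namedtuple("Packet", "ts src dst sport dport proto tos ifindex length payload")

# Assumption: the seven key fields of the classic NetFlow v5 flow key.
FLOW_KEY = ("src", "dst", "sport", "dport", "proto", "tos", "ifindex")

def aggregate_flows(packets, idle_timeout=15.0):
    """Group packets into unidirectional flow records keyed on FLOW_KEY.

    A gap longer than idle_timeout seconds closes the record and starts a
    new one, the way an exporter ages out idle cache entries.
    """
    active, exported = {}, []
    for p in sorted(packets, key=lambda pkt: pkt.ts):
        key = tuple(getattr(p, f) for f in FLOW_KEY)
        rec = active.get(key)
        if rec is not None and p.ts - rec["last"] > idle_timeout:
            exported.append(active.pop(key))
            rec = None
        if rec is None:
            rec = active[key] = {"key": key, "first": p.ts, "last": p.ts,
                                 "packets": 0, "bytes": 0}
        rec["last"] = p.ts
        rec["packets"] += 1
        rec["bytes"] += p.length  # counters only; p.payload is discarded
    exported.extend(active.values())
    return sorted(exported, key=lambda r: r["first"])

# Constructed sample traffic (not real capture data).
SAMPLE = [
    Packet(0.0, "10.0.0.5", "10.0.0.80", 51000, 443, 6, 0, 1, 120, b"\x16\x03\x01"),
    Packet(0.2, "10.0.0.80", "10.0.0.5", 443, 51000, 6, 0, 2, 1400, b"\x16\x03\x03"),
    Packet(0.4, "10.0.0.5", "10.0.0.80", 51000, 443, 6, 0, 1, 80, b"\x17\x03\x03"),
    Packet(1.0, "10.0.0.9", "10.0.0.53", 40000, 53, 17, 0, 1, 70, b"\x12\x34"),
    Packet(30.0, "10.0.0.5", "10.0.0.80", 51000, 443, 6, 0, 1, 60, b"\x17\x03\x03"),
]

if __name__ == "__main__":
    for flow in aggregate_flows(SAMPLE):
        print(flow)
```

Each direction of the TCP conversation becomes its own record, and no record retains payload bytes, which is why flow data alone cannot support packet decodes.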

If you want a deeper dive into how flow-based systems work, as well as the various vendors and how their products differ, please check out our blog “Basics of Flow.”

Packet-based Monitoring

Packet-based analysis was historically reserved for deep-dive troubleshooting. However, packet-based systems have evolved into complete network monitoring, reporting, and troubleshooting solutions that can deliver the same statistical data as flow-based and SNMP systems while also providing the most detailed network analysis possible. Packet-based monitoring analyzes the complete details of every IP packet on the network, including the packet payloads, providing a complete view of network activity and allowing for true root-cause analysis of the most complex network problems. Packet-based systems typically require additional hardware to capture network data, but this extra cost is offset by the ability to achieve root-cause analysis, and it allows your network analysis solution to be truly passive – a significant advantage as network speeds move from 1G to 10G and beyond.

From a business perspective, packet-based solutions are the only sure-fire way to solve issues quickly and effectively, without impacting the performance of the network itself.

Whether you are a business looking for the best network monitoring solution on the market, or simply want to brush up on your network monitoring 101, hopefully this helped you determine what monitoring technology is best for your environment and your budget.

