Best Practices for Monitoring Switches (Part II)
Explore the intricacies of tracking traffic, distinguishing between traffic and flows, and understanding the invaluable insights they provide for network optimization.
Introduction
In the world of network monitoring, understanding how data traverses your switches is indispensable. This knowledge allows you to optimize network performance, identify bottlenecks, and enhance security. In this section, we delve into the details of tracking traffic on switches, exploring the differences between monitoring traffic and flows and uncovering the wealth of information these metrics offer.
Monitoring Traffic vs. Flows
NetCrunch supports two technologies that allow network traffic monitoring. The first one (SNMP and RMON) gathers information from switches about the traffic on particular ports. The second one can collect flow data from routers and switches.
NetCrunch relies on SNMP (Simple Network Management Protocol) to gather information about network devices. This technology is seamlessly integrated into NetCrunch's functionality. It provides insights into switch traffic and port connections, enabling administrators to track data flow and port status. Real-time statistics are presented in Physical Segments' views, making it easy to monitor traffic between switches and servers.
NetCrunch supports various flow protocols that allow for the collection and analysis of flow data from routers and switches. NetFlow, in particular, is a widely recognized technology for monitoring network traffic. NetCrunch aggregates this data and provides insights into both short-term and long-term performance trends.
Distinguishing Metrics
When we talk about monitoring network data, two fundamental metrics come into play: traffic and flows. Let's dissect each of these to understand their significance:
Monitoring Network Traffic
What is Network Traffic? Traffic refers to the raw data transmitted over a network. It encompasses all data packets moving between devices. Monitoring traffic provides insights into the volume of data, types of applications in use, and peak traffic periods.
NetCrunch uses SNMP to monitor traffic on switches and keep tabs on how much data is being sent and received. With SNMP, we can track the status and activity of individual network ports on switches and routers, at the same time keeping an eye on the state and health of network interfaces. Finally, it also allows monitoring of Layer 2 connections, which are essential for understanding how devices on the network are interconnected.

Information Provided: Traffic monitoring offers valuable information about bandwidth utilization, application usage, and overall network activity. This data helps in capacity planning, ensuring that network resources are efficiently allocated.
Monitoring Flows
What are Flows? Flows are a higher-level abstraction of network data. A flow represents a sequence of packets with common attributes, such as source and destination IP addresses, port numbers, and protocol. Flow monitoring provides detailed insights into individual data streams within the network.
Flow-Based Monitoring: NetCrunch supports various flow protocols, including NetFlow, NetStream, CFlow, AppFlow, and rFlow. These protocols allow for the collection and analysis of flow data from routers and switches. NetFlow, in particular, is a widely recognized technology for monitoring network traffic. NetCrunch aggregates this data and provides insights into both short-term and long-term performance trends.
Flow Analytics and Application Monitoring: NetCrunch offers advanced flow analytics, allowing you to examine traffic based on various criteria. It leverages Cisco NBAR (Network-Based Application Recognition) technology for in-depth application monitoring and lets you create custom application definitions to monitor their flows.
Information Provided: Flow monitoring goes beyond raw data and offers granular details about each data stream. This includes data volume, source and destination information, protocol usage, and more. Flow data is invaluable for troubleshooting, security analysis, and optimizing network performance.
Performance Metrics and Data Handling
NetCrunch can handle substantial data loads, with the capacity to receive up to 3,000 packets per second and 35,000 flows per second (an average of 12 flows per packet). NetCrunch supports the following flow protocols: NetFlow v1, v5, v8, and v9, IPFIX, NetStream, CFlow, AppFlow, and rFlow.

NetCrunch collects and analyzes received flows, aggregating them in 15-minute and 1-hour ranges. This lets you both analyze data over a short period and store long-term performance trends. Currently, NetCrunch supports single flow aggregation: flows received from multiple flow sources are aggregated and presented on a single dashboard for convenient monitoring.
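To make the flow concept and the 15-minute aggregation concrete, the following added example (not NetCrunch code and not part of the original article) parses a NetFlow v5 export datagram and sums packets and octets per 5-tuple in 15-minute ranges. The sample datagram, its addresses, and the helper names are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

HDR = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
REC = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record
BUCKET = 15 * 60                                 # 15-minute range, in seconds

def parse_v5(datagram):
    """Yield (flow_key, end_unix_time, packets, octets) per record."""
    if len(datagram) < HDR.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, uptime_ms, secs = HDR.unpack_from(datagram)[:4]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) != HDR.size + count * REC.size:
        raise ValueError("record count does not match datagram length")
    for i in range(count):
        f = REC.unpack_from(datagram, HDR.size + i * REC.size)
        # Flow key: source IP, destination IP, source port, destination port, protocol
        key = (socket.inet_ntoa(f[0]), socket.inet_ntoa(f[1]), f[9], f[10], f[13])
        # 'last' is exporter uptime in ms; the mask handles 32-bit uptime wrap
        age_ms = (uptime_ms - f[8]) & 0xFFFFFFFF
        yield key, secs - age_ms / 1000, f[5], f[6]

def aggregate(datagrams):
    """Sum packets and octets per (bucket_start, 5-tuple)."""
    totals = defaultdict(lambda: [0, 0])
    for datagram in datagrams:
        for key, end, pkts, octets in parse_v5(datagram):
            bucket = int(end) // BUCKET * BUCKET
            totals[(bucket, key)][0] += pkts
            totals[(bucket, key)][1] += octets
    return {k: tuple(v) for k, v in totals.items()}

def build_sample(secs, uptime_ms, flows):
    """Constructed input: pack flows into one v5 export datagram."""
    recs = [REC.pack(socket.inet_aton(s), socket.inet_aton(d), b"\0" * 4, 1, 2,
                     pk, oc, last - 1000, last, sp, dp, 0, 0x18, pr, 0, 0, 0, 0, 0, 0)
            for s, d, sp, dp, pr, pk, oc, last in flows]
    return HDR.pack(5, len(recs), uptime_ms, secs, 0, 0, 0, 0, 0) + b"".join(recs)

# Constructed sample: two exports of one HTTPS flow plus one older DNS flow
SAMPLE = build_sample(1700000400, 600000, [
    ("10.0.0.5", "192.0.2.10", 51514, 443, 6, 10, 4000, 590000),
    ("10.0.0.5", "192.0.2.10", 51514, 443, 6, 5, 1000, 580000),
    ("10.0.0.7", "198.51.100.3", 5353, 53, 17, 2, 150, 200000),
])

if __name__ == "__main__":
    for (bucket, key), (pkts, octets) in sorted(aggregate([SAMPLE]).items()):
        print(bucket, key, pkts, octets)
```

A collector that accepts flow exports over UDP should reject datagrams whose record count and length disagree, as the parser does here, because the export protocol itself carries no authentication.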
Switch Traffic Monitoring: Insights and Benefits
Understanding the difference between monitoring traffic and flows is essential. But what insights can you gain from traffic monitoring specifically? Let's explore:
Traffic Analysis
Application Usage: By monitoring traffic, you can identify the most commonly used applications on your network. This insight helps in prioritizing critical applications and optimizing bandwidth allocation.
Bandwidth Utilization: Traffic monitoring allows you to assess how network resources are used. You can identify peak usage times and allocate bandwidth where it's needed most.
Anomaly Detection: Sudden spikes or drops in traffic can be indicative of security breaches, network congestion, or hardware failures. Monitoring traffic helps in detecting anomalies and responding promptly.
Flow Monitoring: Going Beyond the Surface
While traffic monitoring provides valuable insights, flow monitoring takes network analysis to a deeper level:
Granular Data Insights
Source and Destination Analysis: Flow data reveals the source and destination of data streams. This is vital for understanding communication patterns and identifying potential security threats.
Protocol Usage: Flow monitoring offers information about the protocols in use, aiding in protocol-specific optimization and security measures.
Security and Compliance: In-depth flow analysis can help identify security breaches, data exfiltration, and non-compliance with network policies.
Additional traffic monitoring capabilities
Monitoring of Cisco IP SLA operations
Cisco IP SLA, or Service Level Agreement, technology is pivotal for monitoring and ensuring network service quality and performance. It plays a crucial role in helping network administrators maintain high standards of network performance and meet service level expectations. NetCrunch offers robust support for Cisco IP SLA operations, providing an efficient approach to monitor and manage these critical network operations.

NetCrunch offers two essential components for Cisco IP SLA Monitoring. The IP SLA Single Operation Sensor allows for the close monitoring of specific IP SLA operations on Cisco devices. It promptly alerts administrators to operation failures or inactivity on routers and enables the setting of performance triggers for key metrics like availability and operation completion time (RTT). Additionally, the IP SLA Multi-Operation Sensor provides a broader view by monitoring all IP SLA operations of a particular type or those selected based on specific parameters. It focuses on default metrics, such as availability and operation completion time (RTT).
Together, they ensure that organizations relying on Cisco network devices and services maintain high network performance and meet service quality standards, fulfilling service level agreements and performance expectations.
IP SLA Huawei NQA
NetCrunch allows monitoring NQA tests on Huawei devices in a similar way to the Cisco IP SLA operations. The feature also comes with new IP SLA/NQA visualization.
Conclusion
Monitoring traffic and flows on switches is indispensable for maintaining a healthy, efficient network. While traffic monitoring provides an overall view of network activity and resource usage, flow monitoring dives deeper, offering granular insights crucial for troubleshooting, security, and optimization. Understanding the differences between these metrics empowers network administrators to make informed decisions and keep their networks running smoothly.