John Smith, Founder, CTO and EVP at LiveAction, asks how organizations can more effectively monitor network traffic. He offers five key steps for NetOps teams.
Today’s modern enterprise infrastructure environments continue to get more and more complex (and broader) as organizations look to manage a variety of domains including WAN, SD-WAN, data centers, public cloud and more.
As a result, visibility has become a critical component for ensuring network performance and security. But effectively monitoring network traffic can be challenging given the different technologies, access layers and rapid growth of the cloud.
According to a SANS survey from last year, only 16% of respondents believe they have high visibility into their east-west network traffic. And one of our reports from 2019 found that 35% of network professionals have poor visibility into performance across all fabrics of the network.
So how can organizations more effectively monitor network traffic? Let’s dive into five key steps for NetOps teams.
1) A critical first step is being able to identify network data sources – which typically requires unifying data from multiple sources, especially in large organizations. The issue of tool sprawl is a well-documented problem that can have a big impact on a team’s ability to do this effectively.
You may have seen EMA’s 2020 Network Management Megatrends survey that showed more than half of NetOps teams rely on between four and 10 network monitoring tools. So what key data types should you be able to monitor? Here are four:
- Flow data – Some platforms ingest flow data for full visibility into the network performance across multi-vendor, multi-domain and multi-cloud networked environments. By using just flow data about 80% of the most common network traffic issues can be resolved.
- Packet data – Troubleshooting tricky network application issues requires packet data for forensic level analysis, especially with VoIP and video. Additionally, using packet capture appliances is useful as these appliances extend the monitoring of network traffic and applications to remote sites and branches, WAN edge and data centers.
- Wi-Fi data – Wireless is ubiquitous in the enterprise and a critical source of data for monitoring users and end devices, including IoT devices. Packet capture of 802.11ac and newer Wi-Fi 6 traffic is critical for wireless performance analysis.
- Device data – Organizations are increasingly relying on technologies from Cisco, HPE/Aruba, Juniper and others. Many of these devices traditionally used SNMP for monitoring, but more and more APIs are being used as well for things like SD-WAN controllers. This data is useful for troubleshooting and resolving network issues quickly on devices and systems.
2) The next step is to map the network, including devices, routers, switches and how they are interconnected. Tools that provide a network topology mapping function can auto-discover the network infrastructure, determine the various devices and how they are connected and the IP addresses used, and, in the case of SD-WAN, automatically map the various sites and their IP ranges.
3) Next, you need some type of NetFlow analyzer. NetFlow was originally a Cisco term but is now used generically for flow data (IPFIX, the IETF standard, is supported by many vendors as well). NetFlow analysis of network traffic is essential to see the full picture of all the applications, including SaaS apps, voice, video and web conferences. Some advanced flow telemetry includes information about application performance such as delay, jitter, loss and even HTTP response codes or TCP retransmissions. Through flow analysis, most network traffic issues can be resolved.
4) A packet analyzer with deep packet inspection (DPI) capabilities is critical for determining the root cause of many application issues and also for security use cases. While NetFlow analyzers are useful for most network traffic issues, packet analyzers allow you to analyze each packet and can troubleshoot application issues down to the individual requests and responses, or complex issues related to voice over IP (VoIP) and video conferencing.
5) Network monitoring dashboards, reports and alerts are critical to get an overview of what’s happening with network traffic, but also to understand specific issues that are occurring. Enterprise-level tools allow for the consolidation of all these data sources, so you have a complete picture of your entire network, across all domains (in one platform) and display them appropriately through dashboards, reports and alerts.
Dashboards provide a high-level view summarizing information, but also display alerts usually based on key applications, sites and devices. Network traffic monitoring generally requires both real-time and historic reporting. Real-time reports are visual analytics for monitoring what’s going on with current network traffic.
Historic reports are useful for planning, providing updates to stakeholders and forensic troubleshooting of network incidents. More complex network environments require report processing at scale, as network data sizes can be massive and slow down most monitoring tools.
Proactive alerts are vital for tuning into network traffic issues that need immediate attention. Increasingly, these alerts are powered by AI and Machine Learning so that anomalies in network traffic are automatically detected and potentially grouped into insights to help determine the root cause of the issues.
6) The final step is the deployment and day-to-day operations of the network monitoring solution. There may be specific workflows required such as capacity planning, application usage, WAN SLA reports and optimization of the networks and performance for specific applications. Especially for large enterprise networks, the ability to monitor a distributed environment with multiple key data sources – such as flow and packets – at scale is needed to provide information for optimization tasks. Some of the more complex optimizations may require multi-segment analysis where flow and packets from specific transactions are stitched together to see the application performance at various hops within the network.
Many enterprises will need to optimize voice, video, web conferencing, collaboration and unified communications, which may involve monitoring and adjusting QoS (quality of service) telemetry and policies. These types of applications generally have the most common and obvious network traffic performance issues. End-users often encounter jitter and packet loss when using voice, video or other communications applications on slow networks.
These usually surface as poor video or voice quality and a degraded user experience. Using flow and packet analysis is critical to isolating and quickly resolving network traffic issues. QoS is about monitoring and managing data traffic to reduce congestion and improve jitter, loss and latency on the network per an established service level.
Establishing QoS policies and managing them ensures network resources get the necessary bandwidth to meet required service levels. Monitoring traffic to established QoS policies is fundamental to proper network traffic monitoring and optimization.
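To make the flow analysis of step 3, the proactive alerts of step 5 and the QoS-policy monitoring just described concrete, here is an added Python example (not LiveAction's code, nor code from this article) that runs over constructed NetFlow/IPFIX-style records: it ranks top talkers, computes a per-application TCP retransmission rate, flags voice flows that are not carrying the expected DSCP marking, and turns both into alerts. The record field names, the sample values and the 2% retransmission threshold are all assumptions.

```python
# Added example (not from the article): a minimal flow-record analyzer over
# constructed NetFlow/IPFIX-style records. Field names are assumptions.
from collections import defaultdict

# Constructed sample flow records (not real traffic). Fields mirror the kinds
# of telemetry the article mentions: bytes, application, DSCP, TCP retransmits.
FLOWS = [
    {"src": "10.1.1.10", "dst": "10.2.0.5", "app": "voip", "bytes": 4000, "pkts": 50, "dscp": 46, "retx": 0},
    {"src": "10.1.1.11", "dst": "10.2.0.5", "app": "voip", "bytes": 3800, "pkts": 48, "dscp": 0, "retx": 0},
    {"src": "10.1.1.20", "dst": "172.16.5.9", "app": "http", "bytes": 900000, "pkts": 700, "dscp": 0, "retx": 35},
    {"src": "10.1.1.21", "dst": "172.16.5.9", "app": "http", "bytes": 120000, "pkts": 100, "dscp": 0, "retx": 1},
    {"src": "10.1.1.30", "dst": "52.0.0.1", "app": "video", "bytes": 2500000, "pkts": 2000, "dscp": 34, "retx": 20},
]

VOICE_DSCP = 46  # Expedited Forwarding (EF), the usual marking for voice

def top_talkers(flows, n=3):
    """Bytes per source host, highest first: the 'who is using the link' view."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["src"]] += f["bytes"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]

def retransmit_rate(flows):
    """TCP retransmissions divided by packets, per application (a loss indicator)."""
    pkts, retx = defaultdict(int), defaultdict(int)
    for f in flows:
        pkts[f["app"]] += f["pkts"]
        retx[f["app"]] += f["retx"]
    return {app: retx[app] / pkts[app] for app in pkts}

def qos_violations(flows, app="voip", expected_dscp=VOICE_DSCP):
    """Flows of the given app not carrying the expected DSCP (policy not applied)."""
    return [f for f in flows if f["app"] == app and f["dscp"] != expected_dscp]

def alerts(flows, retx_threshold=0.02):
    """Proactive alerts: apps above the retransmission threshold, plus QoS misses."""
    out = [f"{app}: retransmit rate {rate:.1%} exceeds {retx_threshold:.0%}"
           for app, rate in retransmit_rate(flows).items() if rate > retx_threshold]
    out += [f"QoS: {f['src']}->{f['dst']} voip flow marked DSCP {f['dscp']}, expected {VOICE_DSCP}"
            for f in qos_violations(flows)]
    return out

if __name__ == "__main__":
    print(top_talkers(FLOWS))
    print(retransmit_rate(FLOWS))
    for a in alerts(FLOWS):
        print("ALERT", a)
```

On the sample records this reports the video host as top talker, a 4.5% retransmission rate for HTTP, and one voice flow leaving the branch without its EF marking.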
The stakes around network monitoring have never been higher, as complexity and security become paramount concerns for organizations. Having the right tools in place, combined with platforms that centralize management and collection of visibility data, is critical to ensuring your NetOps resources are used productively.