The potential benefits to centralized network monitoring are numerous, and they include better end-use productivity, network performance, application performance and security and compliance.
But there are several ways to monitor your networks, each employing different methodologies. And I think it’s important to review them if you’re in the market for such services – so you know what kind of information and services to expect. I’m not saying one method is better than the other, but you may only need to go with one type versus another – depending on your needs. Or, you can pick a combination.
One type of network monitoring is based on Simple Network Management Protocol. SNMP identifies and describes system configurations, monitoring network-attached devices for basic high-level conditions such as outages, total levels (bytes, packets), and number of users. But SNMP-based monitoring uses polling, a system whereby a periodic request is made at variable intervals and the response gives the current state of the system, and it uses up a lot of bandwidth. SNMP-based network monitoring provides a basic level of useful information, but it’s not the best approach for troubleshooting and analysis of root problems.
Then, there’s monitoring via flow records, and this method has become most common in centralized network monitoring. A “flow” is simply a sequence of a sampling of packets that has seven identical characteristics: source IP address, destination IP address, source port, destination port, layer 3 protocol type, type of service (TOS) byte, and input logical interface. Flow records are very analytical, providing information such as overall throughput and statistical data on each IP to IP conversation passing through a network device. Thus flow records provide deeper levels of information needed to troubleshoot network problems. But even this method is limited because it does not include any payload information, and the packets aren’t saved.
The third type of network monitoring is a packet-based approach. With this method, software and/or computer hardware intercept packet traffic passing over a digital network or part of a network. The packets are then decoded and analyzed. Because all packets are captured, this method is 100% accurate for each flow. Compared to the SNMP method, the packet-based approach has a minimal network impact because all analysis is done locally at the point of capture, reducing substantially the bandwidth needed to send information over the network. Also, data in a packet is more comprehensive, so deeper analysis can be performed – which can help IT managers analyze apps, too. The packets are storable, in addition, so that means analysis – and troubleshooting – can begin immediately.
If you’re considering network monitoring, discuss all of these methods with your prospective provider and explore which would be best for you. For instance, if you just want to check the status of a device, SNMP may be all you need. Meanwhile if it’s sampled high-level information you’re after, then flow-based monitoring could be the answer. But if you’re looking for all the detail of network traffic, then packet-based is the approach.
And, perhaps, you may benefit from a combined approach. Read more about centralized network monitoring in this recent article.