When trying to ascertain the best way to monitor bandwidth on the network, there are several criteria to keep in mind. Generally the first metric most IT groups consider when trying to monitor bandwidth consumption is traffic volume or bits per second (i.e. how full is the pipe?). In the past, the technology depended on to deliver this metric was SNMP, but today it has largely become NetFlow.

If we monitor bandwidth with something like SNMP, we can display the total in and out utilization on all interfaces. If, however, we step up our network traffic reporting efforts using NetFlow traffic analysis, we can obtain richer details regarding who and what the bandwidth was consumed by. The ability to observe the specific hosts consuming the bandwidth and the application used allows administrators to determine if the traffic is related to business operations. And if the data is stored for future reference, we can go back in time to gain further insight, such as whether or not the pattern is repeated, how often, and whether the problem is getting worse.

Network monitoring

Even with all this insight, it is easy to make performance assumptions when we monitor bandwidth utilization and these assumptions can lead to poor decisions. There are plenty of networks in the world that are underutilized yet terribly slow. This is why network monitoring should include other important metrics such as round trip time (RTT) or latency between hosts. RTT provides insight on the amount of time between two points. Performance of TCP connections can be impacted by poor connection times when systems need to wait for acknowledgements.


Counter to popular belief, latency isn't always caused by distance. Router hops, end system processing power and even poor connections can cause latency. Retransmits are the result of bad or lost packets, which can also have an impact on latency. Excessive out-of-order packets are another condition that can cause retransmits and ultimately lead to additional latency. All of this can be tracked with a NetFlow collector. Make sure your next network monitoring solution reports on these metrics.

Network Traffic Analyzer

A network traffic analyzer that can provide the "monitoring a network" role using NetFlow or IPFIX should also inspect the traffic for anomalous behaviors. Odd behaviors can be indicative of network threats. In other words, threat detection should be another routine performed when monitoring a network. Since the traffic is already being inspected for latency, the additional steps necessary to provide another layer of network security generally do not cause excessive overhead.

Network traffic analyzers can perform all of the following and more with NetFlow:

  • Study flow ratios (unique flows: destinations)
  • Compare IP addresses to host reputation lists
  • Look at byte volumes per flow per host
  • Track the TCP flags used on connections
  • Etc.

Monitoring a network

Monitoring a network by considering bandwidth consumption alone isn't necessarily poor practice; however, it does potentially ignore other insightful metrics that are often useful when trying to optimize your network performance monitoring efforts. A leader in NetFlow analysis keeps all of this in mind when customers want to monitor bandwidth.
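
The four NetFlow checks listed earlier (flow ratios, reputation lists, byte volumes and TCP flags), run over a handful of flow records. This is an added example, not code from the original article or from any product; the flow records, reputation list, thresholds and finding names are constructed for illustration, and `tcp_flags` is taken to be the cumulative OR of the TCP flags seen in the flow, as NetFlow exports it.

```python
from collections import defaultdict

SYN = 0x02  # TCP SYN bit in the cumulative tcp_flags field of a flow record

# Constructed sample flows: (src, dst, dst_port, bytes, tcp_flags). Not real traffic.
FLOWS = (
    [("10.0.0.5", f"10.0.1.{i}", 445, 60, SYN) for i in range(1, 41)]   # many tiny SYN-only flows
    + [("10.0.0.8", "203.0.113.7", 443, 5_200, 0x1B)]                   # talks to a listed host
    + [("10.0.0.9", "198.51.100.20", 443, 900_000_000, 0x1B)]           # one very large flow
    + [("10.0.0.7", "10.0.1.10", 443, 48_000, 0x1B) for _ in range(6)]  # ordinary client
)
REPUTATION_LIST = {"203.0.113.7"}  # constructed stand-in for a host reputation feed

# Thresholds are assumptions for this example; tune them against a baseline.
MAX_DESTS, MAX_SYN_ONLY_SHARE, MAX_BYTES_PER_PEER = 30, 0.8, 500_000_000

def analyze(flows, reputation=REPUTATION_LIST):
    """Return {src: sorted list of findings} for hosts that trip any check."""
    stats = defaultdict(lambda: {"flows": 0, "syn_only": 0, "peers": defaultdict(int)})
    for src, dst, _port, nbytes, flags in flows:
        s = stats[src]
        s["flows"] += 1
        s["syn_only"] += flags == SYN  # SYN set and nothing else: handshake never completed
        s["peers"][dst] += nbytes      # byte volume per source/destination pair
    findings = {}
    for src, s in stats.items():
        hits = set()
        if len(s["peers"]) > MAX_DESTS:                      # flows : unique destinations
            hits.add("many-destinations")
        if s["syn_only"] / s["flows"] > MAX_SYN_ONLY_SHARE:  # TCP flag tracking
            hits.add("syn-only")
        if any(dst in reputation for dst in s["peers"]):     # reputation list match
            hits.add("reputation-match")
        if max(s["peers"].values()) > MAX_BYTES_PER_PEER:    # byte volume per host pair
            hits.add("high-volume")
        if hits:
            findings[src] = sorted(hits)
    return findings

if __name__ == "__main__":
    for host, hits in sorted(analyze(FLOWS).items()):
        print(host, ", ".join(hits))
```

The ordinary client at 10.0.0.7 produces no finding, which is the point of combining the checks: none of these hosts would stand out on an interface utilization graph alone except the single large transfer.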