What is Active Network Monitoring?

Active network monitoring (a network monitoring technique) is real-time testing, performed by software agents or hardware sensors, on network infrastructure and against applications to verify that the network (or applications) are available and performing well.  Active tests report real-time data such as end-to-end reachability, packet loss, jitter, bandwidth, and HTTP response time. One of the most common tests run by active network monitoring tools is the ping command, which verifies round trip time to a remote host as well as packet loss.

$ ping www.google.com
PING www.google.com (74.125.29.105): 56 data bytes
64 bytes from 74.125.29.105: icmp_seq=0 ttl=46 time=69.206 ms
64 bytes from 74.125.29.105: icmp_seq=1 ttl=46 time=208.630 ms
64 bytes from 74.125.29.105: icmp_seq=2 ttl=46 time=62.758 ms
64 bytes from 74.125.29.105: icmp_seq=3 ttl=46 time=307.980 ms
64 bytes from 74.125.29.105: icmp_seq=4 ttl=46 time=112.118 ms

--- www.google.com ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 62.758/152.138/307.980/93.751 ms
$

Benefits of Active Network Monitoring

One of the benefits of this technique is that it reports real-time information on network availability and performance.  In a previous blog post, I covered the Cisco IP SLA network performance monitoring suite. If you are a network engineer familiar with this technology, you may find active network monitoring to be very similar. In fact, as stated in the Cisco IP SLA Configuration Guide, “IP SLAs uses active traffic monitoring—the generation of traffic in a continuous, reliable, and predictable manner—for measuring network performance”.

Active network monitoring is indeed very effective for quickly detecting network and application problems; it tests the actual network routes and applications with real traffic (instead of monitoring individual devices in a network, or components of an application) to infer network and application availability and performance for the end-users based on their overall status. This is one of the reasons why NetBeez is primarily based on active tests: to quickly detect network problems before the users detect them.

Active network monitoring test against google.com

Screenshot of the NetBeez dashboard of a ping test to www.google.com run by a Ethernet active monitoring sensors.

Test Interval and Detection Time

Based on the frequency of the network and application tests, the network manager can decide how quickly a problem needs to be detected. For example, the table below shows that if we run a ping test every five seconds, and declare a remote network unreachable after five consecutive tests fail, we’ll have detected connectivity issues within twenty-five seconds. That’s a very short detection time when compared to the five-minute interval that most SNMP systems are configured by default.

TestPrimary Metric(s)Test interval*Detection time*
PINGRTT, Packet loss5 seconds25 seconds
DNSDNS lookup time30 seconds2 minutes 30 seconds
HTTPHTTP GET time60 seconds5 minutes
TracerouteHop count, RTT, MTU120 secondsn/a
iPerfTCP/UDP/Multicast throughputUser-definedn/a
VoIPJitter, packet loss, MOSUser-definedn/a
SpeedtestDownload/Upload throughputUser-definedn/a

The above table reports only some of the tests that can be run via an active network monitoring tool.

To conclude, network engineers and administrators that are interested in proactively detecting network and application problems on large, complex enterprise networks, should implement active monitoring against web and cloud applications.