What is Network Monitoring?

What is network monitoring?

Network monitoring is the use of software to verify the correct functioning of networked devices (e.g. routers, switches, and servers). The goal of network monitoring software is to minimize service downtime by detecting problems as soon as they occur. A network monitoring tool runs periodic checks on monitored devices to discover their status and resource utilization. When a device doesn’t respond to a check, or reports degraded performance on one or more resources, the network monitoring tool alerts the network administrator.

Network Monitoring via SNMP: an SNMP poller, or server, periodically queries an SNMP agent to gather status and resources available (top); an agent sends an SNMP trap to a receiver to alert about a failure (bottom).

Do I need a network monitoring tool?

If you work for an organization that owns and operates a network infrastructure, you need a network monitoring solution. If your company has 500 or more employees, chances are that network monitoring is a requirement. The more an organization relies on the network to process transactions, or to offer services to employees, customers, and partners, the more the network should be available and performing well. One benefit of a network monitoring solution is that it alerts your team about faults and outages as soon as they occur. Another benefit is that it helps network engineers quickly identify and troubleshoot outages and performance issues.

How do I select a network monitoring tool?

Before selecting a network monitoring tool, it’s important to know how many network devices will be monitored. With this information it’s possible to verify that a specific solution is scalable. It’s also important to make sure that there are enough in-house competencies and resources to install and manage the network monitoring service itself. Once you have this information, you should consider price and the features supported.

SNMP, Passive, or Active?

If you are new to the network monitoring world, you should be aware of three main network monitoring methods: SNMP, passive, and active. Each method provides different information about your network.

SNMP Monitoring: The Simple Network Management Protocol (SNMP) is an Internet standard used to request information from a device like a router, switch, or server, about the status of its resources, such as CPU, memory, and network interfaces. The type of information that can be obtained from a specific network device varies based on vendor and model. Each vendor publishes a set of management information base (MIB) files. MIBs describe the parameters or resources that can be queried from a specific device (SNMP agent). Most SNMP solutions allow the import of MIB files to integrate with a specific device. If you want to learn more about SNMP monitoring, you can read the Wikipedia SNMP page.
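
What a poller puts on the wire for one such query, as an added example (not code from this article or from any product it mentions): a hand-encoded SNMPv2c GetRequest for the standard sysUpTime object. The community string "public" and the request ID are assumed sample values.

```python
"""BER-encode an SNMPv2c GetRequest without third-party libraries."""

def ber_len(n):
    # Short form below 128, long form (0x80 | number of length bytes) above.
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def tlv(tag, payload):
    return bytes([tag]) + ber_len(len(payload)) + payload

def ber_int(value):
    # Non-negative INTEGER; the extra bit keeps the sign bit clear.
    size = max(1, (value.bit_length() + 8) // 8)
    return tlv(0x02, value.to_bytes(size, "big"))

def ber_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])  # first two arcs share a byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:                       # base-128, high bit = "more"
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        body += bytes(reversed(chunk))
    return tlv(0x06, bytes(body))

def get_request(community, request_id, oid):
    # A request carries NULL as the value; the agent fills it in the response.
    varbind = tlv(0x30, ber_oid(oid) + tlv(0x05, b""))
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0)
              + tlv(0x30, varbind))
    # version 1 means SNMPv2c; the community travels as a plain OCTET STRING,
    # so anyone who can capture the datagram can read it.
    return tlv(0x30, ber_int(1) + tlv(0x04, community.encode()) + pdu)

SYS_UPTIME = "1.3.6.1.2.1.1.3.0"  # sysUpTime.0 from the standard MIB-II

if __name__ == "__main__":
    print(get_request("public", 1, SYS_UPTIME).hex())
```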

Passive Network Monitoring: Passive network monitoring is a technique that relies on “listening” to user traffic to determine network utilization. By doing so, a passive network monitoring tool can reveal which users, applications, and protocols are using the available bandwidth. This methodology also has applications in security and surveillance.

There are three ways to passively monitor a network: network TAP, SPAN port, and flow-based protocols.

Different types of passive monitoring implementations: Network Tap (top), SPAN port (middle), and flow protocol (bottom).

Network TAPs are dedicated devices that are installed in-line where the traffic has to be analyzed. A network TAP replicates the entire content of the frames (layer 2) flowing across. For this reason, network TAPs are generally preferred for deep packet inspection.

The second method relies on a SPAN (Switch Port for ANalysis) port. A SPAN port is created on a switch by instructing it to send a copy of the traffic from a specific port or VLAN to another port, either on the switch itself or on another switch, that has been connected to a network collector.

The third method relies on a flow analysis protocol implemented by the network hardware vendor, such as NetFlow, sFlow, etc. If you want to learn more about passive network monitoring, you can read the Wikipedia passive network monitoring page.

Active Network Monitoring: Active network monitoring is real-time testing, performed by software agents or hardware sensors on network infrastructure and against applications, to verify that the network, or the applications, are available and performing well. Active tests report real-time data such as end-to-end connection, packet loss, jitter, bandwidth, and HTTP response time. One of the most common tests run by active network monitoring tools is the ping command, which verifies round trip time to a remote host as well as packet loss. Active network monitoring tools are also used to provide service assurance, network testing, and capture the end-user experience on WAN and WiFi.
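
One test cycle of such an active check, as an added example (not NetBeez code): it times TCP connects instead of ICMP ping, since raw sockets need privileges, then derives packet loss, average round-trip time and jitter and compares them with alert limits. The limits and the sample cycle are assumed values.

```python
import socket
import time
from statistics import mean

# Hypothetical alert limits; tune them per link and service.
LIMITS = {"loss_pct": 2.0, "avg_rtt_ms": 150.0, "jitter_ms": 30.0}

def tcp_probe(host, port, timeout=1.0):
    """Return the TCP connect time in ms, or None if the probe got no answer."""
    start = time.perf_counter()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return (time.perf_counter() - start) * 1000.0
    except OSError:
        return None

def summarize(rtts_ms):
    """rtts_ms holds one entry per probe: RTT in ms, or None for a lost probe."""
    if not rtts_ms:
        raise ValueError("no probes were sent")
    answered = [r for r in rtts_ms if r is not None]
    # Jitter as the mean absolute difference between consecutive answers.
    deltas = [abs(b - a) for a, b in zip(answered, answered[1:])]
    return {
        "loss_pct": 100.0 * (len(rtts_ms) - len(answered)) / len(rtts_ms),
        "avg_rtt_ms": mean(answered) if answered else None,
        "jitter_ms": mean(deltas) if deltas else 0.0,
    }

def evaluate(summary, limits=LIMITS):
    """Return the alerts an administrator should see for one test cycle."""
    if summary["avg_rtt_ms"] is None:
        return ["DOWN: no probe was answered"]
    return [f"{metric} {summary[metric]:.1f} exceeds {limit:.1f}"
            for metric, limit in limits.items() if summary[metric] > limit]

# Constructed sample cycle: five probes, the third one lost.
SAMPLE = [20.0, 24.0, None, 20.0, 24.0]

if __name__ == "__main__":
    print(evaluate(summarize(SAMPLE)))
```

To run it against a live target, build the list with `[tcp_probe(host, port) for _ in range(5)]` and pass it to `summarize`.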

NetBeez

NetBeez is an example of an active network monitoring tool that runs real-time tests to let network engineers quickly detect and troubleshoot network performance issues. Here’s a list of the active tests supported by NetBeez.

| Test | Primary Metric |
| --- | --- |
| PING | Round-Trip-Time, Packet loss |
| DNS | DNS Lookup time |
| HTTP | HTTP Get time |
| Traceroute | Hop count, RTT, MTU |
| iPerf | TCP/UDP/Multicast Throughput |
| VoIP | Jitter, Packet Loss, MOS |
| Speedtest | Download/Upload Throughput |

If you want to learn more about NetBeez, you can download the technology’s overview and benefits.

Open source or commercial network monitoring?

Another common dilemma is whether to go with an open source or a commercial monitoring solution. This depends on many factors, mostly related to budget, time, and technical skills. Generally, open source network monitoring tools require more technical hands-on expertise (e.g. Linux) than paid solutions. Some open source tools, like Nagios or Zabbix, offer paid support plans. Paid support plans are a good way to get assistance during the installation, configuration and maintenance of the system. Terry Slater for NetCraftsmen has written an article about paid versus open source active network monitoring tools.

Conclusion

In this article I just scratched the surface of what network monitoring is and why your IT team needs it. In the last twenty years, many open source and commercial products have been released. The National Accelerator Group at Stanford estimates 700+ tools. You can read the list of network monitoring tools published by that group. I hope that I provided some guidelines on what you should look for when considering a network monitoring tool.