What is network monitoring?
Network monitoring is a software application that verifies the correct functioning of networked devices (e.g. routers, switches, and servers). The goal of network monitoring software is to minimize service downtime by detecting problems as soon as they occur. A network monitoring tool runs periodic checks on monitored devices to discover their status and resources utilization. When a device doesn’t respond to a check, or reports degraded performance on one or more resources, the network monitoring tool alerts the network administrator.
What types of network monitoring are available?
There are three types of network monitoring tools: SNMP-based, passive, and active.
SNMP: The Simple Network Management Protocol (SNMP) is an Internet standard used to request information from a device like a router, switch, or server, about the status of its resources, such as CPU, memory, and network interfaces.
The type of information that can be obtained from a specific network device varies based on vendor and model. Each vendor publishes a set of management information base files (MIB/MIBs). MIBs describe the parameters or resources that can be queried from a specific device (SNMP agent). Most of SNMP solutions allow the import of MIB files to integrate with a specific device.
- Pros: Suited for monitoring network devices and servers.
- Cons: Is not used to verify that the network is forwarding traffic and well performing.
Passive Monitoring: Passive network monitoring is a technique that relies on “listening” to user traffic to determine network utilization. By doing so, a passive network monitoring tool can reveal which users, applications, and protocols are using the available bandwidth. This methodology is also adopted by security and SIEM tools. There are three ways to passively monitoring a network: network TAP, SPAN port, and flow-based protocols. Network TAPs are dedicated devices that are installed in-line where the traffic has to be analyzed. A SPAN port is created on a switch by instructing it to send a copy of the traffic from a specific port or VLAN to another port on the switch itself or on another switch that has been connected to a network collector. Flow-based protocols are implemented by network hardware vendor, such as NetFlow by Cisco, and provide application and protocol statistics about network traffic forwarded by a specific device.
- Pros: Can identify top talkers or top applications as well as bandwidth consumption.
- Cons: Is not proactive to detect end-user application issues, and requires considerable resources (storage, bandwidth, …) to scale.
Active Monitoring: Active network monitoring is real-time testing performed by software/hardware sensors or endpoint clients to verify network connectivity and application performance. Active tests report real-time data such as end-to-end connection, packet loss, jitter, bandwidth, DNS and HTTP/S response time. One of the most common tests run by active network monitoring tools is the ping command, which verifies round trip time to a remote host as well as packet loss. Active network monitoring tools are also used to provide service assurance, network testing, and capture the end-user experience on SD/WAN, WiFi, and remote networks (e.g. WFH).
- Pros: Proactive detection and best way to troubleshoot and address end-user issues.
- Cons: Is not meant to replace SNMP tools, so should be used in conjunction with traditional network monitoring tools.
Putting it all together: we have the pyramid of network monitoring!