How to Monitor Network Traffic
Five Steps for Effective Monitoring of Network Traffic
It should come as no surprise that monitoring network traffic in a large, enterprise-level organization is quite different from monitoring a home or home-office network. Most large companies have a variety of domains, such as WAN, SD-WAN, Data Center, AWS, Azure, and others. As the network environment expands in large enterprises, monitoring network traffic becomes increasingly difficult. Knowing how to monitor network traffic is essential to ensure your network is running optimally. These are the five essential steps to network traffic monitoring.
Step One – Identify Network Data Sources
The first important step in effectively monitoring network traffic is to gain visibility across your entire network. This typically requires unifying data from multiple sources, especially in large organizations, as trying to accomplish this with a host of specialized tools is cumbersome and time-consuming.
The key data sources for network monitoring are:
Platforms like LiveNX ingest flow data (e.g., NetFlow, IPFIX, sFlow, JFlow, LiveFlow, etc.) for full visibility into network performance across multi-vendor, multi-domain and multi-cloud networked environments. About 80 percent of the most common network traffic issues can be resolved quickly using just flow data.
Packet data is required for forensic-level analysis, which is needed to troubleshoot tricky network application issues, especially with VoIP and video. Packet capture appliances are also useful because they extend the monitoring of network traffic and applications to remote sites and branches, the WAN edge, and data centers.
Increasingly, WiFi is becoming a standard networking approach at remote sites and branches. Being able to perform wireless 802.11ac packet capture for performance analysis is a critical source of data for monitoring WiFi network traffic.
The enterprise network is becoming increasingly complex, often relying on vendors like Cisco, Aruba, or others to provide network infrastructure and devices. Many of these devices are designed for network traffic monitoring using SNMP or API data. This data is useful for troubleshooting and resolving network issues quickly on specific devices.
Step Two – Discover Devices and Applications Running on Your Network
Discovery of devices, interfaces, applications, VPNs, and users is critical for monitoring network traffic. Network topology mappers are network monitoring tools used to automatically discover users on your network and the key applications utilizing network bandwidth. The basic components of a network topology mapper include auto-discovery of applications and users on the network, analytics to create a visual and easy-to-interpret depiction of the network, alerting capabilities to make network traffic monitoring easy when policies are outside of SLA parameters, and the ability to generate and export the topology maps to share with others.
Step Three – Apply the Right Network Traffic Monitoring Tool
Beyond a network topology mapper, monitoring network traffic generally requires four additional essential network monitoring tools:
While NetFlow was created by Cisco, “NetFlow Analyzer” is now a generic term for a tool that analyzes flow data from any vendor, such as Juniper's JFlow. IPFIX is a flow standard used with many vendors. In short, flow analysis of network traffic is essential to see the full picture, such as network traffic from site-to-site or device-to-device. Most network traffic issues can be resolved through flow analysis.
A packet analyzer is used to decode the actual packets of network traffic. While NetFlow Analyzers are useful for most network traffic issues, packet analyzers allow you to analyze each packet for deep packet inspection (DPI) and troubleshoot more difficult application issues, especially those related to voice over IP (VoIP) and video conferencing, such as Cisco WebEx conferencing.
Network Performance Dashboard
Most network traffic monitoring toolsets come complete with a performance dashboard. These dashboards provide a high-level overview of what’s happening with network traffic. Enterprise-level tools, such as LiveNX, allow for the consolidation of all data sources, so you truly have a complete picture of your entire network, across all domains.
Network Monitoring Reports
Network traffic monitoring usually requires both real-time and historic reporting. Real-time reports are visual analytics for monitoring what is going on with network traffic now. Historic reports are useful for planning, providing updates to key stakeholders, and even forensic troubleshooting of network incidents. More complex network environments require report processing at scale, as network data sizes can be massive and bog down monitoring tools that are not up to the task.
Alerts, especially proactive alerts, are vital for tuning into network traffic issues that need immediate attention, separating the relevant issues from the noise. Increasingly, these alerts are powered by AI and machine learning so that variances in network traffic are correlated and isolated to produce meaningful alerts, a.k.a., anomaly detection.
Step Four – Monitoring Traffic from Specific Network Manufacturers
Effectively monitoring network traffic is often dependent on the specific network monitoring equipment being used. As an example, companies using Cisco networking equipment and software typically need tools to monitor them. These include Cisco iWAN, Cisco SD-WAN, Cisco SD-Access, and Cisco DNA Center. While manufacturers will often position their products as not requiring specialized network monitoring tools, these claims are often bounded by exceptions. This is further complicated because most enterprise-level companies use equipment from different vendors. To truly monitor traffic from specific manufacturers across your entire enterprise, you will typically need a network monitoring toolset that can ingest data from multiple vendors to see the entire network.
Step Five – Optimize Network Traffic
The final “how to” step to monitoring network traffic is optimization itself. Optimization of network traffic falls into four basic categories:
Overall Network Performance Optimization
To optimize a complex network environment, your network performance optimization requires correlating network data from multiple domains and/or multi-tiered applications for multi-segment performance analysis, optimization, and troubleshooting. Visual analytics, dashboards, reports, and alerts allow you to isolate the most common traffic issues, such as applications hogging bandwidth.
Optimization Using Forensic Analysis
Isolating and resolving difficult network application issues requires both flow and packet-level data. This allows you to isolate issues that might be causing a slow network and then drill down from flow level to packet level for forensic-level troubleshooting of specific application issues.
Optimization of Voice, Video and Unified Communications
The most common and obvious network traffic performance issues are related to collaborative applications. In slow networks, end users often encounter jitter and packet loss when using voice, video or other communications applications. These often surface as poor video quality or voice quality. Using flow and packet analysis is critical to isolating and quickly resolving these network traffic issues.
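As an added illustration of the packet-level measurement behind "jitter" and "loss" (not code from the original article or from any product it names), the function below computes RFC 3550 interarrival jitter and lost-packet count for one RTP stream. It assumes an 8000 Hz audio clock and packets given as constructed (sequence number, RTP timestamp, arrival time in seconds) tuples; 32-bit timestamp wrap is not handled.

```python
def rtp_stats(packets, clock_hz=8000):
    """Return (lost_packets, jitter_ms) for one RTP stream.

    packets: iterable of (seq, rtp_timestamp, arrival_seconds) in arrival order.
    Jitter follows RFC 3550: J += (|D| - J) / 16, where D is the change in
    transit time between consecutive packets, measured in RTP clock units.
    """
    jitter = 0.0
    received = 0
    base = highest = None          # wrap-corrected (extended) sequence numbers
    prev_transit = None
    for seq, ts, arrival in packets:
        received += 1
        if base is None:
            base = highest = seq
        else:
            # Map the 16-bit sequence number onto the extended value nearest
            # to the highest one seen, so 65535 -> 0 counts as +1, not -65535.
            delta = (seq - highest + 0x8000) % 0x10000 - 0x8000
            highest = max(highest, highest + delta)
        transit = arrival * clock_hz - ts
        if prev_transit is not None:
            jitter += (abs(transit - prev_transit) - jitter) / 16.0
        prev_transit = transit
    if base is None:
        return 0, 0.0
    expected = highest - base + 1
    # Duplicates can push received above expected; never report negative loss.
    return max(expected - received, 0), jitter * 1000.0 / clock_hz

# Constructed sample: 20 ms voice packets, seq 102 lost, seq 103 arrives 5 ms late.
SAMPLE = [(100, 0, 0.000), (101, 160, 0.020), (103, 480, 0.065), (104, 640, 0.080)]

if __name__ == "__main__":
    lost, jitter_ms = rtp_stats(SAMPLE)
    print(f"lost={lost} jitter={jitter_ms:.3f} ms")
```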
Optimization to Quality of Service Levels
Quality of Service (QoS) is about monitoring and managing data traffic to reduce latency on the network per an established service level. Establishing QoS policies and managing these policies ensures network resources get the necessary network bandwidth to meet the required service level. Monitoring traffic against established QoS policies is fundamental to proper network traffic monitoring and optimization.
By definition, network traffic monitoring is the process for identifying, diagnosing, and resolving network issues impacting the performance of applications running on the network. To monitor network traffic effectively and resolve network issues quickly, there are five essential steps. These steps, along with the right monitoring tools, ensure QoS policies are met and keep networks running optimally.