Network professionals know that monitoring network traffic is the key to maximising efficiency and security — but that's often easier said than done. Even with automation, the job is more complicated than ‘setting and forgetting' — so here are some words of wisdom, age-old and brand new, to help.
The only constant in networks is change
One could be forgiven for thinking the Ancient Greet Heraclitus was a network engineer because his grand summation—Panta Rhei, or ‘all things change'—perfectly describes modern networks. Continual change is the challenge underlying a large proportion of network issues.
Network managers need complete visibility into all aspects of the network. If they don't know which devices and ports are carrying traffic and how other factors like line speeds come into play, the traffic model has no firm foundation, and troubleshooting is complex.
The problem is that these elements are usually in flux. New devices are added to the network, configurations are updated — but if network topology maps aren't consistently updated, teams aren't seeing what they need to see.
A lack of monitoring can become a problem
Call it the ‘Murphy's Law of Network Management.' The problem being troubleshot inevitably derives from the part of the network that is not being monitored. At least, that's the way it seems because the issues occurring in these areas are the ones that keep the team in the NOC all night.
A holdover from the days of network management tools with limited capacity is the habit of cherry-picking what to monitor based on preconceived notions and prior experience. Accustomed to accommodating less capable network monitoring software, teams might only keep an eye on a few ‘essential' ports on a switch, for example. But, unfortunately, doing so turns all the other ports into huge blind spots.
Today's solutions don't require such compromises. Invest in the right systems, and the ability to monitor pretty much everything can be unlocked.
Humans are the weakest link
Sadly, we're not talking about end-user error here. Like the stakeholders we serve, network administrators are also mere mortals and fallible, especially when recording information about one network change while five other people demand assistance with other priorities.
Multiply a few documentation failures over days, weeks, and months, and the network diagrams teams rely on become almost useless. Houston, we have a problem.
This is where a network management platform with automatic updating comes in. If there's no manual maintenance to conduct, there's nothing to forget. When a new line card is added to a multi-slot switch, the new ports are monitored automatically.
Two approaches are better than one
Ever hear the parable of the blind men and the elephant? The group is trying to figure out what an elephant is like. Each man touches a different part and comes away with a different impression — an elephant is pointy and hard (the tusk), an elephant is expansive and wrinkly (the body), an elephant would make a great feather duster (the tail).
The point: only a combination of perspectives provides a complete understanding of the elephant.
Something similar applies when monitoring network traffic. There is the elemental approach, and there's flow reporting, but neither will provide all the information required on its own.
- The elemental approach looks at individual ports on particular devices to determine the level of traffic, the volume of traffic, and the network bandwidth utilisation of traffic on those ports. From the elemental approach, teams can tell how busy the network is but cannot understand anything about the nature of the traffic.
- Flow reporting — through NewFlow, sFlow, NBAR, and other tools — uncovers the nature of the traffic, including which systems are talking to each other over a circuit and at what volume. Flow only provides information about traffic that has successfully travelled a circuit — leaving things like failures, corrupt packets, and bad traffic in its blind spots.
User happiness is hard to measure
A full circuit at high utilisation, happy users. Another circuit of the same spec, low utilisation, trouble tickets galore. How can this be explained?
Unpredictability and slow network response have various possible root causes, and utilisation rate isn't necessarily the key to identifying what's wrong. When evaluating network performance, keep in mind these essential words:
- Each network route has its own timing implications
- Most connections involve many hops, and the problem could be far downstream
- Understanding network dependencies and topology in all its complexity is essential in avoiding blind spots and failures
- A connection to the Internet alone, no matter how busy, is not an indicator of root cause.
The hours in a day can be multiplied
There are only 24 hours in a day, and network management can easily take all of them. But there is an answer — time multiplication.
Investing the effort to automate, streamline, or improve a process today will reduce the time the same task takes tomorrow and every day after that. The result: consistently fitting more work in less time. Voila, time multiplication!
It's another pearl of wisdom that holds true in network management. Far too many network teams make do with antiquated tools because they don't set aside the time to research better options. They remain on the same treadmill, putting in overtime whenever problems arise, rather than biting the bullet, doing the research, and implementing software solutions that will make life easier from now on.
The answer is obvious—make the time to make a change. If you haven't looked at network management solutions in 12 months or more, you will be surprised at the features and functionality included these days and the time savings they can deliver.
To take advantage, you'll need just one more old saw: Seize the day!