A new generation of network analysis tools gives traditional network management a boost.
Confusion surrounds the topic of network analysis tools.
While some believe that new network analysis tools are a marketing gimmick that repackages old tools with cosmetic changes, there are substantive differences in the new generation of tools. While traditional network performance tools analyze, report and track the performance of a computer network via new data sources, today’s tools offer new capabilities via streaming network telemetry and cloud computing integrations to better understand network performance throughout the network. These new network analysis tools can better address network performance issues.
While some monitoring protocols and approaches are part of an overall network analysis, the real-time data streams and analytics these tools have make them standalone monitoring tools that can replace many legacy tools.
Let's dig deeper to find out what functionality these network analysis tools bring to the table.
Most network analysis platforms include traditional monitoring methods, including ping, Simple Network Management Protocol (SNMP) polling and NetFlow/IPFIX collection. But additional granularity is necessary to provide the monitoring detail that administrators need to identify the source of network performance problems—the network, the application or another element in the IT environment.
To gain this level of insight, modern tools enlist several new tricks:
One is to analyze captured packets as they move toward their destination. Once packets are captured, analytics is run to identify the application each packet belongs to. An administrator can then verify that the results of the analysis meet or exceed an application’s minimum end-to-end network requirements. If they don’t meet the minimum requirements, a networking analysis tool can identify where in the path a problem has occurred.
Any decent network monitoring tool should ingest network performance data directly from the network. Most modern enterprise-grade network equipment vendors allow administrators to export streaming telemetry data from network components (such as routers and switches) to a network analysis tool.
Each network device contains useful information that can affect performance. Without proper visibility of various telemetry data along a data path, it’s impossible to determine where performance is impaired or where tweaks can be made. Thus, if we can stream telemetry data for all network devices, combined with flow data, a network performance monitoring tool can help network administrators put the pieces of the puzzle together and identify the root cause of performance issues.
The types of collected network telemetry data include information such as link operational status, link use, packet counters and rates, quality-of-service statistics and routing protocol state changes. Additionally, network health data can be collected on each component, including factors such as memory and CPU utilization, temperature and device uptime.
At this point, some readers may say, “I can get all this data with SNMP.” While true, SNMP polling is a pull technology (that is, a network administrator needs to request the information), whereas network telemetry is push (data is automatically generated and provided to the analysis tool). With SNMP, for example, the monitoring server is often configured to reach out to a network device every five to 30 minutes, depending on administrators’ needs. At each timed interval, this data is requested from the network device and put into a database. Over time, SNMP creates a baseline of useful information based on averages.
In comparison, the collection of network telemetry data is streamed in near-real time to a network monitoring tool for collection. Thus, there are far more data samples in any given time frame compared with SNMP. More data samples translate into more accurate information and, ultimately, a clearer picture of the health and performance of the network.
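The sampling difference described above, as an added example that is not part of the original article: the same interface byte counter is read once per five-minute poll and once per streamed sample. The 1 Gbit/s link, the traffic levels, the 30-second burst and the 10-second streaming interval are all assumptions chosen for illustration.

```python
# Added illustration: constructed traffic, not measurements from a real device.
LINK_BPS = 1_000_000_000            # assumed 1 Gbit/s link
BACKGROUND_BPS = 100_000_000        # assumed steady 10% load
BURST_BPS = 950_000_000             # assumed 95% load during the burst
BURST_START, BURST_END = 120, 150   # 30 s burst inside a 300 s window


def octet_counter(duration_s):
    """Cumulative byte counter, one reading per second, as a device would expose it."""
    total, readings = 0, [0]
    for t in range(duration_s):
        bps = BURST_BPS if BURST_START <= t < BURST_END else BACKGROUND_BPS
        total += bps // 8
        readings.append(total)
    return readings


def utilization(readings, interval_s):
    """Percent link utilization per sample, derived from counter deltas."""
    samples = []
    for start in range(0, len(readings) - 1, interval_s):
        end = min(start + interval_s, len(readings) - 1)
        bits = (readings[end] - readings[start]) * 8
        samples.append(round(100 * bits / (LINK_BPS * (end - start)), 1))
    return samples


def compare(duration_s=300, poll_s=300, stream_s=10):
    """Return what a 5-minute poll sees versus what 10-second streaming sees."""
    readings = octet_counter(duration_s)
    polled = utilization(readings, poll_s)
    streamed = utilization(readings, stream_s)
    return {
        "polled": polled,                    # one averaged value for the window
        "streamed_peak": max(streamed),      # highest 10-second sample
        "streamed_samples": len(streamed),   # number of data points collected
    }


if __name__ == "__main__":
    print(compare())
```

The single polled value averages the burst into the background load, while the streamed series keeps the saturated intervals visible.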
The biggest challenge for network administrators is visibility into the network performance monitoring of a cloud-based network. Early cloud adopters struggled with shoehorning traditional network analysis tools into an infrastructure that was owned and operated by a third party. Often, network admins ended up abandoning their own tools and relied on service providers’ built-in network analysis tools. While third-party tools can provide network performance visibility into a cloud, they don’t scale well in large hybrid or multicloud environments.
As cloud footprints continue to expand, network admins have begun to discover that moving to a network analysis tool can centralize and streamline end-to-end visibility with the benefit of advanced network performance management capabilities. Fortunately, network analysis tool vendors have worked hard to get their software to extend from a corporate LAN to various cloud service provider networks. Today all the popular cloud services offer application programming interface calls to network and server infrastructure. They enable customers to pull out network performance data and export it to a network monitoring tool. Thus, hybrid and multicloud performance monitoring and management can now be performed using a single, centralized and uniform monitoring platform.
By gaining detailed visibility that can be plotted over time, a network monitoring tool can also work as a network security tool. A network monitoring tool can collect various metrics over time, so deviations from baselines are automatically flagged and, in some cases, trigger alerts. A network analysis tool can identify malicious activity, such as a compromised server that’s exporting sensitive data outside the network or a distributed denial-of-service attack. While other tools can identify these kinds of malicious activities, a network analysis tool may well be the best at locating segments of the network and networked devices that have been affected. Having detailed network information can save time and stop an attack before it does real harm.
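One way to implement the baseline flagging described above, as an added example that is not from the original article or any particular product: per-host outbound byte counts are compared against a baseline built from earlier flow records. The flow records, addresses, the 10.0.0.0/8 internal range, the 20-minute baseline window and the threshold are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

INTERNAL = ip_network("10.0.0.0/8")   # assumed internal address range


def sample_flows():
    """Constructed flow records: (minute, source, destination, bytes sent)."""
    flows = []
    for minute in range(30):
        flows.append((minute, "10.0.0.11", "203.0.113.5", 40_000 + (minute % 5) * 1_000))
        flows.append((minute, "10.0.0.12", "203.0.113.9", 55_000 + (minute % 3) * 2_000))
    # Minutes 25-29: 10.0.0.12 additionally sends large volumes to a new external address.
    for minute in range(25, 30):
        flows.append((minute, "10.0.0.12", "198.51.100.77", 9_000_000))
    return flows


def outbound_per_minute(flows):
    """Sum bytes per (host, minute) for traffic leaving the internal range."""
    totals = defaultdict(lambda: defaultdict(int))
    for minute, src, dst, nbytes in flows:
        if ip_address(src) in INTERNAL and ip_address(dst) not in INTERNAL:
            totals[src][minute] += nbytes
    return totals


def flag_deviations(flows, baseline_minutes=20, threshold=4.0):
    """Flag (host, minute, bytes) where outbound volume exceeds the host's baseline band."""
    alerts = []
    for host, series in outbound_per_minute(flows).items():
        history = [series.get(m, 0) for m in range(baseline_minutes)]
        mu, sigma = mean(history), pstdev(history)
        # Floor the spread at 5% of the mean so a very steady host does not alert on noise.
        limit = mu + threshold * max(sigma, 0.05 * mu)
        for minute in sorted(m for m in series if m >= baseline_minutes):
            if series[minute] > limit:
                alerts.append((host, minute, series[minute]))
    return alerts


if __name__ == "__main__":
    for host, minute, nbytes in flag_deviations(sample_flows()):
        print(f"minute {minute}: {host} sent {nbytes} bytes outbound, above baseline")
```

Because the baseline is kept per host, the alert names the affected device directly, which is the locating ability the paragraph describes.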
Previous network monitoring tools provided information that was largely important to network administrators and no one else. These tools helped admins identify simple component failures, predict future capacity needs and provide basic trend reporting. That said, times have changed, and the focus of network monitoring has shifted from monitoring up-down and trend data to monitoring events that have an impact on users’ application experience. In other words, generalizations will no longer cut it. Thus, modern enterprise networks now require performance monitoring tools with end-to-end visibility and deep-packet granularity to aid in optimizing the network and, in turn, improving the user experience.
Andrew Froehlich is the president of West Gate Networks, an IT consultancy and services provider. He has been involved in enterprise IT for more than 15 years. His primary focus is Cisco wired and wireless, voice-network design, implementation and support as well as network security. Froehlich has experience with network infrastructure upgrades and new buildouts. He's also been heavily involved in data center architectures designed to provide fault-tolerant enterprise applications and services to thousands of users.