Bandwidth Monitoring 101

Bandwidth Monitoring 101: Network Traffic Analysis Best Practices

Monitoring traffic and bandwidth usage across LAN links is an essential part of ensuring optimal network performance.

What is Bandwidth Monitoring?

Bandwidth monitors collect, monitor, and analyze network traffic volume by end-point (user), port, interface, and protocol (application). This information enables multiple best practices, such as:

  • Assuring adequate bandwidth for business-critical applications.
  • Minimizing the impact of non-critical or unauthorized network traffic.
  • Identifying bandwidth bottlenecks such as bandwidth hogging processes unnecessarily running in peak load periods.
  • Alerting to potential Distributed Denial of Service (DDoS) attacks or externally initiated port-scans.

It used to be that bandwidth monitoring only meant focusing on internet traffic, but the practice is now being used for a much wider range of components. To give you a solid idea of its modern use cases, it's now possible to observe network traffic between general web application traffic or devices. No matter what traffic you may be monitoring, a solid understanding of the bandwidth analysis is incredibly important so that network administrators can be certain that they're providing the best possible performance to end-users.

Analyzing Network Data

At its core, bandwidth monitoring is all about data. Bandwidth is measured as the amount of data transferred in time (bits per second). In the modern era, there's a seemingly unlimited amount of data being transferred between users at the push of a button, so it's critical that we know how to measure the speed and performance of this data.

What is Netflow?

NetFlow is a network protocol developed by Cisco to collect IP network traffic as it enters or exits and interface. NetFlow uses seven key values to identify unique flows:

  • Source IP Address
  • Destination IP Address
  • Source port
  • Destination port
  • IP Protocol
  • Ingress interface
  • Type of Service (ToS) values

NetFlow-enabled devices (router/switch) log a new flow if a packet with unique identifications in the seven key values passes through its interface. Subsequent packets with the same values are logged as increments to the same flow, while a difference in just one value results in the termination of the current flow and the initiation of another flow. NetFlow captures data for both ingress (incoming) and egress (outgoing) IP packets in an interface.

The flow data is sent to a flow collector or bandwidth monitoring tool, like WhatsUp Gold’s Network Traffic Analysis. These tools often leverage a variety of vendor proprietary formats like Cisco's NetFlow and NetFlow-Lite, or Juniper's jFlow, sFlow, or IPFIX.

Why Network Traffic Monitoring is so Critical

Monitoring bandwidth is one of the most critical aspects of network management. Without comprehensive insight into what traffic is consuming bandwidth, it is not possible to ensure proper availability for business-critical services and applications. Administrators can ensure business-critical applications are guaranteed minimum bandwidth and get traffic priority by applying QoS (Quality of Service) policies. WhatsUp Gold monitors and reports on Cisco's NBAR and CBQoS class-based policies.

It’s very common for traffic monitoring tools to help distinguish between normal traffic patterns and suspicious ones. With viruses and malware often consuming out of the ordinary amounts of bandwidth, monitoring bandwidth utilization can also be invaluable in identifying security anomalies.

WhatsUp Gold uses the data from flow-enabled devices to monitor bandwidth utilization as by users, applications, protocols and connections. Real-time analysis of network traffic according to type and protocol allows instant tracking and resolution of network congestion issues. By monitoring bandwidth, administrators can plan for spikes in usage, identify bandwidth-hogging applications and users (by IP address) and ensure business-critical applications get the requisite amount of bandwidth. Billing accounts from service providers, which are typically based on peak utilization, can be verified through 95th percentile reporting (a widely-used calculation to measure regular and sustained bandwidth utilization). Validate that business-critical applications get the bandwidth allotted to them by monitoring Cisco NBAR and CBQoS.

Bandwidth Analysis in Both Directions

In the modern world, most business operations are reliant on network speeds to conduct critical operations. It’s important that administrators remember that there are two distinct types of bandwidth speeds; upload and download speeds. Both of these speeds should be monitored to ensure optimal network performance.

Bandwidth capacity is also an important consideration for administrators. Bandwidth capacity is the maximum amount of data that a link is able to transfer. During network configuration, it’s important to consider bandwidth capacity as administrators will need to know how much traffic the network can support.

Getting Visibility Into Network Traffic and Bandwidth Utilization

Visibility is often thought of as the tools that allow for network monitoring. In actuality, network visibility is about how data is collected, aggregated, distributed, and served to the network monitoring tools themselves. The amount of data being transferred by the modern enterprise network is in a constant state of growth, creating a complicated environment for IT, network, and security teams.

Since your network traffic holds the key to providing effective services levels for your business as well as network security issues, bandwidth monitoring should be part of your IT monitoring strategy.

WhatsUp Gold supports NetFlow, NetFlow v9 (Lite), sFlow, J-Flow (sampled NetFlow), or IP Flow Information Export (IPFIX) data from routers, switches, and other network devices, giving you end-to-end traffic visibility in your network. WhatsUp Gold makes it easy to get detailed visibility into your network traffic to see which users, applications, and protocols are consuming bandwidth. This insight allows you to setup bandwidth usage policies, maximize your return on ISP costs and ensure adequate bandwidth for critical business applications and services. With insight into application bandwidth consumption, administrators are able to better manage the performance of their overall infrastructure, applications, and services. Additional administrators can identify bottlenecks and establish an effective workaround plan.

By understanding what network traffic is consuming the most bandwidth during a network slowdown, troubleshooting can be accelerated. This allows administrators to notice bottleneck issues such as bandwidth hogs running where and when they shouldn’t. Gaining visibility into historical bandwidth usage trends gives administrators the ability to stay ahead of capacity planning. This bandwidth visibility provides network teams to demonstrate effective bandwidth management and easily justify bandwidth upgrades

Tags

Get Started with WhatsUp Gold

Subscribe to our mailing list

Get our latest blog posts delivered in a monthly email.

Loading animation

Comments

Comments are disabled in preview mode.