Monitoring bandwidth usage is a vital aspect of any network management strategy. Bandwidth monitors collect, monitor and analyze network traffic volume by end-point (user), port, interface and protocol (application). This information enables IT Admins to:
- Assure adequate bandwidth for business-critical applications
- Minimize the impact of non-critical or unauthorized network traffic
- Identify bandwidth bottlenecks such as bandwidth hogging processes unnecessarily running in peak load periods
- Alert on potential DDoS (Distributed Denial of Service) attacks or externally initiated port scans
How it Works
How exactly do these tools monitor network bandwidth? Two main software techniques are used for collecting and monitoring network bandwidth usage data. They are:
SNMP
In this method, bandwidth monitors send SNMP queries to SNMP-enabled devices on the network. The devices then send device-centric information, stored in their Management Information Bases (MIBs), back to the monitoring tool. This information can include network bandwidth usage data, which the monitoring tool analyzes to track bandwidth usage.
NetFlow
NetFlow is Cisco’s monitoring protocol for collecting statistics on network bandwidth usage across devices. NetFlow is based on “flows”, each defined as a continuous series of packets sharing common characteristics (source and destination IP addresses and ports, IP protocol, ingress interface and Type of Service value). These characteristics make up Cisco’s NetFlow 7-tuple key. NetFlow can be enabled on network device interfaces, which then monitor the flows. A series of packets with unique values in the 7 fields constitutes a flow, and subsequent packets with identical values are added as increments to the existing flow. A difference in even one of the values is recorded as a separate flow, and flows end when configurable timeouts are reached or specific flow-ending packets are encountered. The flow data is then sent as UDP packets to a NetFlow collector, which analyzes the data into information for monitoring network bandwidth (including bandwidth usage, network traffic details, network trends and anomalies, bandwidth peaks and valleys, performance metrics, and so on).
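The flow accounting described above, sketched as an added example (not Cisco's or any vendor's code). The timeout values, the treatment of TCP FIN/RST as the flow-ending packets, and the sample packets are assumptions constructed for illustration.

```python
from collections import namedtuple

# The seven key fields listed in the paragraph above.
FlowKey = namedtuple("FlowKey", "src_ip dst_ip src_port dst_port proto in_if tos")

TCP, UDP = 6, 17
FIN, RST = 0x01, 0x04
INACTIVE_TIMEOUT = 15    # seconds without a matching packet (example value)
ACTIVE_TIMEOUT = 1800    # maximum age of a cached flow (example value)

class FlowCache:
    def __init__(self):
        self.active = {}     # FlowKey -> counters for flows still open
        self.exported = []   # records a device would send to the collector over UDP

    def _export(self, key, reason):
        self.exported.append({"key": key, "reason": reason, **self.active.pop(key)})

    def expire(self, now):
        for key, rec in list(self.active.items()):
            if now - rec["last"] >= INACTIVE_TIMEOUT:
                self._export(key, "inactive")
            elif now - rec["first"] >= ACTIVE_TIMEOUT:
                self._export(key, "active")

    def observe(self, ts, key, length, tcp_flags=0):
        self.expire(ts)
        rec = self.active.setdefault(
            key, {"first": ts, "last": ts, "packets": 0, "bytes": 0})
        rec["last"] = ts
        rec["packets"] += 1
        rec["bytes"] += length
        # Assumed flow-ending packets: a TCP FIN or RST closes the flow at once.
        if key.proto == TCP and tcp_flags & (FIN | RST):
            self._export(key, "tcp_end")

def run_sample():
    # Constructed traffic: two flows that differ only in ToS, plus one DNS query.
    web = FlowKey("10.0.0.5", "192.0.2.10", 40000, 443, TCP, 1, 0x00)
    web_ef = web._replace(tos=0xB8)   # differs only in ToS, so it is a separate flow
    dns = FlowKey("10.0.0.5", "192.0.2.53", 53000, 53, UDP, 1, 0x00)
    cache = FlowCache()
    cache.observe(0, web, 60)
    cache.observe(1, web, 1500)
    cache.observe(1, web_ef, 200)
    cache.observe(2, dns, 80)
    cache.observe(3, web, 52, tcp_flags=FIN)
    cache.expire(30)                  # the remaining idle flows age out
    return cache.exported
```
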
Bandwidth Monitoring Software
A bandwidth monitor tracks bandwidth use over all areas of the network – devices, applications, servers, link connections, leased lines, etc. – and offers insights into network bandwidth utilization and traffic analysis. It also maps out historical trends for capacity planning and proactively identifies security issues.
Bandwidth monitoring software uses various technologies including SNMP and flow-based technologies like NetFlow, to identify, monitor, and analyze application and network traffic. Some of the capabilities of a bandwidth monitor tool would be:
- Real-time bandwidth monitoring, and mapping historical user trends: Real-time monitoring allows administrators to identify the interfaces, links, applications, users and protocols taking up bandwidth. For instance, the Flow Monitor can highlight bandwidth utilization over LAN and WAN links and specific devices, and identify internal and external traffic sources and destinations. It also classifies the information as Top speakers, Top Protocols and Top Applications that use up bandwidth.
- Apply QoS policies: By default, each network channel operates on a best-effort basis – every application gets equal priority, be it a business-critical VoIP service or a user streaming video content. QoS policies are essential to ensure business-critical applications get sufficient bandwidth. WhatsUp Gold, for example, verifies Quality of Service through Type of Service (QoS over ToS), DSCP for LAN/WAN, CBQoS policies and Cisco NBAR classification mechanisms.
- Historical trends identification: By studying and analyzing traffic patterns and usage over a period of time, bandwidth monitors can identify trends in bandwidth usage and potential bottlenecks. The historical data also aids administrators in capacity planning and efficient purchase of hardware and bandwidth, and helps verify bandwidth-based billing, including “burstable” bandwidth services, using 95th percentile reports.
- Identify abnormal bandwidth usage: By monitoring real-time bandwidth usage along with historical bandwidth trends, bandwidth monitors can proactively identify security issues like DDoS attacks, unauthorized downloading and other suspicious, potentially malicious network behavior. For instance, the Flow Monitor can aid in security forensics and analysis by automatically identifying high traffic flows to unmonitored ports; exposing unauthorized applications like file sharing and video streaming; monitoring traffic volumes between pairs of sources and destinations; and detecting failed connections.
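The three checks named in the last item (heavy flows to unmonitored ports, traffic volume per source/destination pair, failed connections) can be run over exported flow records as below. This is an added example, not WhatsUp Gold's logic; the record layout, port list, thresholds and sample flows are assumptions constructed for illustration.

```python
from collections import defaultdict

TCP, UDP = 6, 17
SYN, ACK, PSH, FIN = 0x02, 0x10, 0x08, 0x01
MONITORED_PORTS = {53, 80, 443}          # assumed: ports mapped to known applications
UNMONITORED_BYTES_THRESHOLD = 10_000_000 # assumed alert threshold, in bytes
FAILED_CONN_THRESHOLD = 3                # assumed: distinct failed targets per source

# Constructed flow records:
# (src, dst, dst_port, proto, bytes, cumulative TCP flags seen in the flow)
FLOWS = [
    ("10.0.0.5", "192.0.2.10", 443, TCP, 2_400_000, SYN | ACK | PSH | FIN),
    ("10.0.0.7", "198.51.100.20", 6881, TCP, 48_000_000, SYN | ACK | PSH),
    ("10.0.0.7", "198.51.100.20", 6881, TCP, 31_000_000, ACK | PSH),
    ("203.0.113.9", "10.0.0.5", 22, TCP, 60, SYN),
    ("203.0.113.9", "10.0.0.5", 23, TCP, 60, SYN),
    ("203.0.113.9", "10.0.0.5", 3389, TCP, 60, SYN),
    ("10.0.0.8", "192.0.2.53", 53, UDP, 900, 0),
]

def analyze(flows):
    pair_bytes = defaultdict(int)    # (src, dst) -> total bytes
    unmonitored = defaultdict(int)   # (src, dst, port) -> bytes to unmonitored ports
    failed = defaultdict(set)        # src -> {(dst, port)} never acknowledged
    for src, dst, dport, proto, nbytes, flags in flows:
        pair_bytes[(src, dst)] += nbytes
        if dport not in MONITORED_PORTS:
            unmonitored[(src, dst, dport)] += nbytes
        # Heuristic: the initiator sent SYN but never an ACK, so the
        # handshake did not complete (refused, filtered or unanswered).
        if proto == TCP and flags & SYN and not flags & ACK:
            failed[src].add((dst, dport))
    return {
        "top_pairs": sorted(pair_bytes.items(), key=lambda kv: -kv[1]),
        "unmonitored_heavy": {k: v for k, v in unmonitored.items()
                              if v >= UNMONITORED_BYTES_THRESHOLD},
        "failed_sources": {s: sorted(t) for s, t in failed.items()
                           if len(t) >= FAILED_CONN_THRESHOLD},
    }
```

A single source with many never-acknowledged SYN flows to different ports is also the pattern an externally initiated port scan leaves in flow data.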
WhatsUp Gold Bandwidth Monitoring
WhatsUp Gold uses NetFlow, jFlow, and sFlow to monitor network bandwidth and application traffic. It automatically discovers NetFlow-enabled routers and switches, and configures them to collect and send NetFlow data back to it. WhatsUp Gold then analyzes the data, providing details on traffic identification, historical trends and QoS through ToS verification. Comprehensive reports showing Top Protocols, Top Senders, Top Applications, etc. are provided.