Modern networks have a great deal of bandwidth in the LAN, and in many cases there is an increasing amount of bandwidth in the WAN too. We must consider that once you get beyond 100 Mbps connectivity you are starting to outrun the available performance of the bus in many PCs and server NICs. Certainly when you have a 1000 Mbps connection there is very little chance of a single device, PC or server, being able to put enough data on the line to trouble the network connection.
A more obvious place to look for bandwidth issues is where a number of servers or users come together, sharing connection points or lower-speed WAN links. This is becoming an increasing issue due to two key factors:
• Current network designs are increasing the distance between servers and users
• Social networking is becoming more popular with images playing a major role
Whether or not it is a bandwidth issue, any network professional is expected to be in a position to answer the question. There is a range of tools that can help, depending on the level of detail you want to see.
At the fundamental level there are SNMP tools (such as SolarWinds Orion), which use the hardware in your network (switches, routers, etc.) to count packets for you. These tools answer questions such as how busy the links are and whether the switches are seeing errors. The data is gathered on a per-port (interface) basis; how many automatic reports are created and how well the information is organised depends on the quality of the SNMP tool.
These tools are very popular in the marketplace as they answer a lot of the common network performance questions very quickly, and the better ones even create simple but effective diagrams of the network showing availability and performance in a map format.
The issue with these basic tools comes when a little more information is required. If you find a busy section of the network, it is not unreasonable to ask “who is it?” and “what are they doing?”. SNMP as a technology relies on counters in the switches which measure the packets in and out. There is nothing in the technology which can look at the addresses of these packets or the protocols involved.
Therefore the next tools to consider involve NetFlow and probes. These have the ability to record not only the utilisation of a link but also the IP address information and the protocol fields. NetFlow uses the Layer 3 switches and routers to export the routing cache to a database, then a reporting engine organises it into a meaningful form. Some of the better SNMP tools (such as SolarWinds Orion) now have NetFlow modules to add this extra detail to their statistics.
Other more dedicated NetFlow tools (such as Plixer Scrutinizer) have also emerged which offer more detail on traffic patterns, carrier types, interface analysis and even look for security risks based on the patterns of the TCP connections in the network.
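The difference between the two data sources can be shown in a few lines. This is an added example, not code from any of the products named here: the counter samples, the flow records and their field names (src, dst, proto, dport, bytes) are constructed for illustration, and the link is assumed to be a 10 Mbps WAN circuit polled every 300 seconds.

```python
from collections import Counter

COUNTER32_MAX = 2 ** 32  # an SNMP Counter32 (e.g. ifInOctets) wraps at 2^32


def utilisation_pct(octets_t0, octets_t1, interval_s, link_bps):
    """Percent utilisation from two octet-counter samples.

    The modulo copes with one counter wrap between polls; more than one
    wrap per interval cannot be detected from the counter alone.
    """
    delta_octets = (octets_t1 - octets_t0) % COUNTER32_MAX
    return 100.0 * delta_octets * 8 / (interval_s * link_bps)


def top_talkers(flows, n=3):
    """Aggregate flow records: bytes per source and per (protocol, port)."""
    by_src, by_service = Counter(), Counter()
    for f in flows:
        by_src[f["src"]] += f["bytes"]
        by_service[(f["proto"], f["dport"])] += f["bytes"]
    return by_src.most_common(n), by_service.most_common(n)


# Constructed sample data for the same 300 s interval (not real traffic).
SAMPLE_T0, SAMPLE_T1 = 4_294_000_000, 224_032_704  # counter wrapped once
FLOWS = [
    {"src": "10.0.0.15", "dst": "192.0.2.10", "proto": "tcp", "dport": 80, "bytes": 150_000_000},
    {"src": "10.0.0.15", "dst": "192.0.2.11", "proto": "tcp", "dport": 80, "bytes": 30_000_000},
    {"src": "10.0.0.22", "dst": "192.0.2.20", "proto": "tcp", "dport": 443, "bytes": 25_000_000},
    {"src": "10.0.0.31", "dst": "192.0.2.30", "proto": "udp", "dport": 53, "bytes": 5_000_000},
    {"src": "10.0.0.22", "dst": "192.0.2.10", "proto": "tcp", "dport": 80, "bytes": 15_000_000},
]

if __name__ == "__main__":
    # Counter view: how busy the link is, and nothing else.
    print("utilisation: %.1f%%" % utilisation_pct(SAMPLE_T0, SAMPLE_T1, 300, 10_000_000))
    # Flow view: which addresses and which ports account for those bytes.
    sources, services = top_talkers(FLOWS)
    for addr, nbytes in sources:
        print("source  %-12s %12d bytes" % (addr, nbytes))
    for (proto, port), nbytes in services:
        print("service %s/%-8d %12d bytes" % (proto, port, nbytes))
```

The counter pair only says the link ran at 60%; the flow records attribute most of it to one address, and almost all of it to TCP port 80.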
In modern networking, one of the blind spots in traffic analysis is the use of port numbers to identify protocols. It is very easy to look at a WAN link (internet pipe) and read that it is all port 80 (HTTP traffic). This is not very helpful and can be hiding all sorts of illegal downloads, music files, social networking images, etc. This can also be complicated by the use of shared PCs, hot desking and remote/home workers, as these devices will use shared IP address ranges, making it very difficult to identify the users behind this questionable traffic.
More advanced tools (such as NetFort LanGuardian) are now available that combine deep packet inspection (DPI) technologies and directory login data to give very precise information on the specific users (not the IP addresses) associated with each transaction, such as file saves/copies/deletes per file directory and download activity per webpage.
In summary, there are many ways to look at the utilisation of your network; the question is how much detail you need to see.
Last Updated: 17/08/2010