My network is slow. Why? Do you have network monitoring in place?


Network performance is always a hot topic to discuss.  When performance slows, it is easy to blame the carrier.  But often the problem is due to your own LAN or server applications.  How can you figure out what the problem is?

Unless you have centralized network monitoring installed on your network, you very likely will never resolve your performance issues.

Most people are familiar with SNMP (Simple Network Management Protocol) since nearly every network device supports it.  SNMP is fine for confirming that devices are attached and operating, but beyond that, it places a great deal of overhead traffic on your network.  It uses polling, which sends information back and forth across the network.  And SNMP won’t provide much troubleshooting information.

NetFlow, sFlow, J-Flow and IPFIX are common standards for flow records.  A flow record describes a flow of packets by its source IP address, destination IP address, source port, destination port, layer 3 protocol type, type of service (ToS) byte, and input logical interface.  Flow analysis collects and compiles samples of the packets entering the switches and routers, providing good data for analysis.  Flow analysis uses statistical sampling, so not every packet is collected.  There are some freeware applications that run on Linux that are worth investigating.

Flow-based analysis relies heavily on the same hardware being used to control network traffic: the routers and switches themselves.  On busy networks, contention for hardware resources like processing power and memory can result, and it is the flow analysis that loses when that happens.  While it does allow for some troubleshooting, such as identifying users who are hogging bandwidth, it does not include any payload information, nor are the packets saved, which limits one’s ability to troubleshoot the network intelligently.  (This explains one reason why routers have options for additional memory.)
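To make the flow-record description above concrete, the following added example (not from the original article or from any vendor's code) aggregates constructed packet headers into flow records keyed by the seven fields listed, then ranks sources by estimated bytes. The packet data, the function names and the deterministic every-Nth-packet sampling are assumptions chosen for illustration.

```python
from collections import defaultdict, namedtuple

# The seven key fields the article lists for a flow record.
FlowKey = namedtuple("FlowKey", "src_ip dst_ip src_port dst_port proto tos in_if")

def make_packets():
    """Constructed sample traffic: seven key fields, length in bytes, payload."""
    pkts = []
    for _ in range(1000):   # one workstation doing a bulk transfer
        pkts.append(("10.0.0.5", "192.0.2.10", 50000, 443, 6, 0, 1, 1400, b"bulk"))
    for i in range(200):    # short DNS lookups from four source ports
        pkts.append(("10.0.0.7", "192.0.2.53", 40000 + i % 4, 53, 17, 0, 1, 80, b"dns"))
    for _ in range(300):    # ordinary web traffic on a second interface
        pkts.append(("10.0.0.9", "192.0.2.20", 51000, 80, 6, 0, 2, 600, b"web"))
    return pkts

def export_flows(packets, sample_rate=1):
    """Aggregate every sample_rate-th packet into flow records.

    Counters are multiplied by sample_rate to estimate the real totals.
    The payload is discarded: only key fields and counters survive.
    """
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for n, pkt in enumerate(packets):
        if n % sample_rate:
            continue  # packet not sampled, so it leaves no trace at all
        *key, length, _payload = pkt
        rec = flows[FlowKey(*key)]
        rec["packets"] += sample_rate
        rec["bytes"] += length * sample_rate
    return dict(flows)

def top_talkers(flows, count=3):
    """Sum estimated bytes per source IP, largest first."""
    per_src = defaultdict(int)
    for key, rec in flows.items():
        per_src[key.src_ip] += rec["bytes"]
    return sorted(per_src.items(), key=lambda kv: kv[1], reverse=True)[:count]

if __name__ == "__main__":
    pkts = make_packets()
    for rate in (1, 100):
        flows = export_flows(pkts, rate)
        print(f"1-in-{rate} sampling: {len(flows)} flow records")
        for src, nbytes in top_talkers(flows):
            print(f"  {src:<10} ~{nbytes} bytes")
```

With 1-in-100 sampling the byte ranking is unchanged, but three of the four short DNS flows never appear in the records.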

Packet-based monitoring is the most comprehensive tool.  Commonly called “packet sniffing”, it works by capturing every packet traversing the network.  The packets are then decoded and analyzed, allowing analysis right down to the application level.  The server collecting your data can be accessed whenever a network problem arises, so you can see exactly what has happened.  You can go back in time, which is especially helpful with intermittent problems that are difficult to reproduce.  Finally, you will also want to collect payload information, which is the link between networking and application information.  Then all the data you need is available.  But this is also the most expensive approach.

Here are a few links worth visiting to learn about monitoring applications:

MRTG – Multi Router Traffic Grapher:   http://oss.oetiker.ch/mrtg/

NTOP Netflow Probe: http://www.ntop.org/solutions.html

WinPcap: http://www.winpcap.org/

PRTG Network Monitor: http://www.paessler.com/prtg/

EtherApe: http://etherape.sourceforge.net/

Wild Packets: http://www.wildpackets.com/products/network_analysis

Solarwinds:  http://www.solarwinds.com/products/

SD-WAN-Experts has the technical resources to help you resolve your network performance challenges.  Contact us for more information.
