Network Monitoring Solutions
One of the most important components of a great network design is the system used to monitor it. It is important to know what is happening on the network and proactively respond to potential issues. This is the first of a series of articles that will discuss the various monitoring solutions available and the key components involved in network monitoring and management.
Anatomy of a monitoring solution
Whether you use a commercial “all-in-one” product or a hodgepodge collection of free and open source tools, there are key elements that every network monitoring solution should include.
SNMP
The primary protocol used to manage and monitor a network is Simple Network Management Protocol (SNMP). SNMP consists of “managers” with polling engines and “agents” with a management information base (MIB). The MIB is a collection of objects that provide information about the device and its state. These objects are referenced by “Object IDs” (OIDs).
The SNMP manager can poll specific OIDs or “walk” the MIB to collect information about the device. In addition to retrieving information, SNMP can also be used to send commands to devices to change some aspect of their configuration. This is a very efficient and powerful protocol, but there are also very important security concerns when setting it up. Securing SNMP will be discussed in a later article.
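To make the GET and “walk” operations concrete, here is a small added example (not code from the original article) that models an agent’s MIB as a dictionary keyed by OID tuples. The OIDs are standard MIB-II objects (sysDescr, sysName, ifDescr, ifOperStatus), but the values and the device name are constructed. A walk is just repeated GET-NEXT: the agent returns the next OID in lexicographic order, and the manager stops as soon as the returned OID leaves the subtree it asked for.

```python
# Added example: toy SNMP agent MIB showing GET, GET-NEXT and a subtree walk.
# OIDs are tuples of ints so Python's tuple ordering gives the lexicographic
# order that GET-NEXT depends on.
from bisect import bisect_right

# Constructed MIB with a few MIB-II objects; values are made up.
MIB = {
    (1, 3, 6, 1, 2, 1, 1, 1, 0): "Example Router, constructed sysDescr",  # sysDescr.0
    (1, 3, 6, 1, 2, 1, 1, 3, 0): 123456,                                  # sysUpTime.0
    (1, 3, 6, 1, 2, 1, 1, 5, 0): "core-rtr-01",                           # sysName.0
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 2, 1): "GigabitEthernet0/0",              # ifDescr.1
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 2, 2): "GigabitEthernet0/1",              # ifDescr.2
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 8, 1): 1,                                 # ifOperStatus.1 (up)
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 8, 2): 2,                                 # ifOperStatus.2 (down)
}


def parse_oid(text):
    """'1.3.6.1.2.1.1.5.0' -> (1, 3, 6, 1, 2, 1, 1, 5, 0); a leading dot is tolerated."""
    return tuple(int(part) for part in text.strip(".").split("."))


def oid_to_str(oid):
    return ".".join(str(part) for part in oid)


def snmp_get(oid_text):
    """GET: value of one exact OID, or None when the instance does not exist."""
    return MIB.get(parse_oid(oid_text))


def snmp_get_next(oid):
    """GET-NEXT: the first OID lexicographically greater than `oid`, or None at end of MIB."""
    keys = sorted(MIB)
    index = bisect_right(keys, oid)
    return keys[index] if index < len(keys) else None


def snmp_walk(subtree_text):
    """Walk a subtree: issue GET-NEXT repeatedly until the reply leaves the subtree."""
    root = parse_oid(subtree_text)
    results = []
    oid = root
    while True:
        oid = snmp_get_next(oid)
        if oid is None or oid[:len(root)] != root:
            break
        results.append((oid_to_str(oid), MIB[oid]))
    return results


if __name__ == "__main__":
    print("sysName:", snmp_get("1.3.6.1.2.1.1.5.0"))
    for oid, value in snmp_walk("1.3.6.1.2.1.2.2.1.8"):   # ifOperStatus column
        print(oid, "=", value)
```

Polling only the ifOperStatus column (1.3.6.1.2.1.2.2.1.8) is typical of how a monitor checks interface state: it walks that one column on each cycle rather than the whole MIB, which keeps the load on the device small.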
Syslog
All applications and devices have some type of logging mechanism. Logs can be used to troubleshoot issues and trigger alerts for specific events. Devices can be set up to send syslog messages to collectors, where they can be stored for future use.
Each syslog message includes valuable information, such as a time stamp, host name, severity level, process ID, and a brief statement about the event that occurred. While the structure of syslog messages is defined in RFC 5424, different vendors have their own way of presenting data via syslog.
If you decide to collect syslog from several different types of devices and operating systems, you may consider using a system that provides normalization. Normalization is a way of gleaning information from different log sources and formatting it in a way that is easier to read and understand.
NetFlow, IPFIX, and sFlow
NetFlow, IPFIX, and sFlow are protocols that provide insight into the traffic flowing through the network. This is extremely useful for monitoring bandwidth utilization and tracking the applications or endpoints using network resources. While all three protocols are similar, they each have unique attributes and functions.
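As an added example (not part of the original article), the following decodes a NetFlow v5 export datagram and totals bytes per source address, which is the “who is using the bandwidth” view a flow collector produces. The datagram is constructed inline with the standard v5 layout (24-byte header, 48-byte records); the addresses, ports and counters are sample values, not a real capture.

```python
# Added example: parse a NetFlow v5 datagram and summarise bytes per source.
import struct
import ipaddress
from collections import defaultdict

# v5 header: version, count, sysUptime, unix_secs, unix_nsecs, flow_sequence,
# engine_type, engine_id, sampling_interval (24 bytes)
HEADER_FMT = "!HHIIIIBBH"
# v5 record: srcaddr, dstaddr, nexthop, input, output, dPkts, dOctets, first, last,
# srcport, dstport, pad1, tcp_flags, prot, tos, src_as, dst_as, src_mask, dst_mask, pad2 (48 bytes)
RECORD_FMT = "!4s4s4sHHIIIIHHBBBBHHBBH"
HEADER_LEN = struct.calcsize(HEADER_FMT)
RECORD_LEN = struct.calcsize(RECORD_FMT)
MAX_RECORDS = 30  # v5 exporters send at most 30 records per datagram


def build_record(src, dst, sport, dport, proto, pkts, octets):
    """Constructed v5 flow record (sample data only)."""
    return struct.pack(
        RECORD_FMT,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
        b"\x00" * 4,        # nexthop
        1, 2,               # input / output ifIndex
        pkts, octets,
        1000, 2000,         # first / last (sysUptime ms)
        sport, dport,
        0, 0x18, proto, 0,  # pad1, tcp_flags (PSH|ACK), protocol, tos
        0, 0, 24, 24, 0,    # src_as, dst_as, src_mask, dst_mask, pad2
    )


def build_datagram(records):
    header = struct.pack(HEADER_FMT, 5, len(records), 60000, 1700000000, 0, 0, 0, 0, 0)
    return header + b"".join(records)


def parse_netflow_v5(data):
    """Return (header dict, list of flow dicts); raise ValueError on malformed input."""
    if len(data) < HEADER_LEN:
        raise ValueError("datagram shorter than a v5 header")
    version, count, _uptime, secs, _nsecs, seq, _etype, _eid, _sampling = struct.unpack(
        HEADER_FMT, data[:HEADER_LEN])
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    # Length check guards against truncated or padded datagrams before slicing records.
    if count > MAX_RECORDS or len(data) != HEADER_LEN + count * RECORD_LEN:
        raise ValueError("record count does not match datagram length")
    header = {"version": version, "count": count, "unix_secs": secs, "flow_sequence": seq}
    flows = []
    for i in range(count):
        off = HEADER_LEN + i * RECORD_LEN
        f = struct.unpack(RECORD_FMT, data[off:off + RECORD_LEN])
        flows.append({
            "src": str(ipaddress.IPv4Address(f[0])),
            "dst": str(ipaddress.IPv4Address(f[1])),
            "packets": f[5], "bytes": f[6],
            "sport": f[9], "dport": f[10], "proto": f[13],
        })
    return header, flows


def bytes_by_source(flows):
    """Total bytes per source address, largest talker first."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["src"]] += f["bytes"]
    return dict(sorted(totals.items(), key=lambda kv: kv[1], reverse=True))


# Constructed datagram with three sample flows.
SAMPLE = build_datagram([
    build_record("10.0.0.5", "192.0.2.10", 51234, 443, 6, 120, 150000),
    build_record("10.0.0.7", "192.0.2.20", 40000, 80, 6, 30, 12000),
    build_record("10.0.0.5", "192.0.2.30", 51235, 443, 6, 400, 600000),
])

if __name__ == "__main__":
    hdr, flows = parse_netflow_v5(SAMPLE)
    print(hdr)
    for src, total in bytes_by_source(flows).items():
        print(f"{src:15} {total} bytes")
```

The same aggregation keyed on destination port instead of source address gives the per-application view mentioned above; IPFIX and sFlow carry comparable fields but in template-based and sampled formats respectively, so each needs its own decoder.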
Alerting
One of the most beneficial aspects of a good monitoring solution is its ability to send automated alerts. These alerts can be triggered by events like link failures and syslog messages. Depending on the system you use, alerts may be sent via email, SMS text messages, or notifications on a web GUI.
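The syslog section above describes the fields a message carries and the need for normalization across vendors, and this section describes alerts triggered by syslog messages. The added example below (not code from the original article) covers both: it parses messages in the RFC 5424 layout and in the older BSD-style layout many vendors still emit, normalizes them into one record shape, and raises an alert for anything at or above a severity threshold. The three sample lines are constructed.

```python
# Added example: normalise RFC 5424 and BSD-style syslog lines, then alert on severity.
import re

SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
# (structured data handling is simplified: a ']' inside a param value is not handled)
RFC5424_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|(?:\[.*?\])+) ?(?P<msg>.*)$"
)
# BSD-style (RFC 3164 era): <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[PID]: MSG
BSD_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<app>[^:\[\s]+)(?:\[(?P<procid>\d+)\])?: ?(?P<msg>.*)$"
)


def decode_pri(pri):
    """PRI = facility * 8 + severity; valid range is 0..191."""
    pri = int(pri)
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return pri // 8, pri % 8


def parse_syslog(line):
    """Normalise one syslog line into a dict with a common set of keys."""
    m = RFC5424_RE.match(line)
    fmt = "rfc5424"
    if not m:
        m = BSD_RE.match(line)
        fmt = "bsd"
    if not m:
        raise ValueError(f"unrecognised syslog line: {line!r}")
    facility, severity = decode_pri(m["pri"])
    app = m["app"]
    procid = m["procid"]
    return {
        "format": fmt,
        "facility": facility,
        "severity": severity,
        "severity_name": SEVERITY_NAMES[severity],
        "timestamp": m["ts"],          # BSD timestamps carry no year or zone; kept as-is
        "host": m["host"],
        "app": None if app in (None, "-") else app,
        "procid": None if procid in (None, "-") else procid,
        "msg": m["msg"],
    }


def alerts(lines, max_severity=3):
    """Return alert strings for events at severity `max_severity` (default err) or worse.
    Lower syslog severity numbers are more serious, so the test is `<=`."""
    out = []
    for line in lines:
        rec = parse_syslog(line)
        if rec["severity"] <= max_severity:
            out.append(f"ALERT {rec['severity_name'].upper()} on {rec['host']}: {rec['msg']}")
    return out


# Constructed sample lines: a router (RFC 5424), a firewall and a switch (BSD-style).
SAMPLE_LINES = [
    '<163>1 2023-11-14T22:14:15.003Z core-rtr-01 ifmgr 2241 LINKDOWN [meta seq="17"] '
    'Interface GigabitEthernet0/1 changed state to down',
    '<35>Nov 14 22:14:16 fw-edge-01 kernel: VPN tunnel to 198.51.100.2 went down',
    '<190>Nov 14 22:14:17 sw-access-03 lldp[77]: Neighbor added on port 12',
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_syslog(line))
    for alert in alerts(SAMPLE_LINES):
        print(alert)
```

Once every source is reduced to the same record shape, the alert rule is written once (“severity err or worse”) instead of once per vendor format, which is the practical payoff of normalization.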
Reporting and Visualization
Fancy reports and graphs are definitely a must. Many monitoring systems have customizable dashboards and automated reporting capabilities.
Configuration Management
While this is not technically a part of network monitoring, it is a good thing to have. Configuration management could include features like configuration backups, automation and scheduled tasks, change management, and more.