When you want a system that automatically checks your network's health (up/down connections, bandwidth, network device status and utilization), you usually need some kind of automatic network health monitoring system that can alert you by email, SMS/text, or a flashing display on your PC monitor when it detects issues. A lot of software does this, from "free" versions to "premium-pay" versions. The following are the key technologies such software is built on.

* Syslog
* ICMP (Internet Control Message Protocol)
* SNMP (Simple Network Management Protocol)
* Netflow (Cisco specific)

Syslog

Typical business-grade network devices (e.g. routers, firewalls, switches) should be able to generate logs in response to events or incidents such as an interface going up or down, routing updates, and configuration changes. These logs are generally in the form of syslog messages. By default, the syslog messages are stored on the devices themselves.

An automatic health monitoring system should include a syslog server that collects the syslog messages generated by all network devices. The general steps are as follows.

* Install a syslog server
* Configure the server to receive and to store syslog messages from your network devices
* Configure your network devices to send syslog messages to syslog server

Note that you should be able to check syslog messages on the network devices themselves. However, those devices are not designed to store syslog messages for a long time; usually the logs are deleted after a short period. With a syslog server, you can store syslog messages for a much longer period (typically 1 to 3 months) and can even back up the messages to other media such as tape.
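What the syslog server does with a received message can be sketched as follows. This is an added example, not code from the FAQ or from any product it names: it decodes the PRI value into facility and severity and flags the two event types mentioned above. The sample lines are constructed in Cisco's `%FACILITY-SEVERITY-MNEMONIC` style, and the function names are assumptions.

```python
import re

# Syslog severity names; the list index is the severity value (0 is most urgent).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>, free text (sequence number, timestamp), then %FACILITY-SEVERITY-MNEMONIC: text
LINE_RE = re.compile(r"^<(\d{1,3})>(.*?)%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+): (.*)$")

# Events named above as worth collecting: interface up/down and configuration changes.
WATCHED = {"UPDOWN": "interface state change", "CONFIG_I": "configuration change"}

def parse(line):
    """Split one syslog line into fields, or return None if it is malformed."""
    m = LINE_RE.match(line.strip())
    if not m or int(m.group(1)) > 191:   # PRI = facility*8 + severity, at most 23*8+7
        return None
    pri = int(m.group(1))
    return {
        "facility": pri // 8,
        "severity": SEVERITIES[pri % 8],
        "tag": f"{m.group(3)}-{m.group(4)}-{m.group(5)}",
        "mnemonic": m.group(5),
        "text": m.group(6),
    }

def alerts(lines):
    """Return (device, reason, text) for every watched event in the stream."""
    out = []
    for device, line in lines:
        rec = parse(line)
        if rec and rec["mnemonic"] in WATCHED:
            out.append((device, WATCHED[rec["mnemonic"]], rec["text"]))
    return out

# Constructed sample input: (sender address, raw message) pairs.
SAMPLE = [
    ("192.0.2.1", "<187>45: *Mar  1 00:10:02: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down"),
    ("192.0.2.1", "<189>46: *Mar  1 00:12:40: %SYS-5-CONFIG_I: Configured from console by admin on vty0"),
    ("192.0.2.7", "<190>12: *Mar  1 00:13:00: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.0.10.254(1024) -> 10.0.0.2(80), 1 packet"),
    ("192.0.2.9", "not a syslog line"),
]

if __name__ == "__main__":
    for device, reason, text in alerts(SAMPLE):
        print(f"{device}: {reason}: {text}")
```

Syslog over UDP is unauthenticated, so the sender address stored beside each message is only as trustworthy as the network path it arrived on.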

ICMP (Internet Control Message Protocol)

Often you need to see whether a certain circuit or Internet connection is up or down. The simplest and most common way to find out is to ping the Internet gateway (your ISP's equipment) or pretty much any device at the other side of the circuit. The ping mechanism relies on receiving an ICMP echo reply from the monitored device within a certain time frame, in response to the ICMP echo your monitoring system sends. If the ICMP echo reply is not received within that time, the device at the other end can safely be assumed to be either down or busy.
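The echo/echo-reply exchange described above, as an added example that is not part of the original FAQ: it builds the ICMP echo message, accepts only a reply that matches the probe's identifier, sequence number, payload and checksum, and declares the far end down only after several consecutive timeouts. The payload value, the three-miss threshold and the function names are assumptions; the reply is constructed in place of a real device.

```python
import struct

PAYLOAD = b"health-check"   # probe payload; the value is an arbitrary choice

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071) over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def icmp_message(msg_type: int, ident: int, seq: int, body: bytes) -> bytes:
    """Type, code 0, checksum, identifier, sequence number, then the body."""
    unsummed = struct.pack("!BBHHH", msg_type, 0, 0, ident, seq) + body
    return struct.pack("!BBHHH", msg_type, 0, checksum(unsummed), ident, seq) + body

def echo_request(ident: int, seq: int) -> bytes:
    return icmp_message(8, ident, seq, PAYLOAD)      # type 8 = echo

def is_reply_to(reply: bytes, ident: int, seq: int) -> bool:
    """Accept only an intact echo reply (type 0) that answers our own probe."""
    if len(reply) < 8:
        return False
    msg_type, code, _, r_ident, r_seq = struct.unpack("!BBHHH", reply[:8])
    return (msg_type == 0 and code == 0 and checksum(reply) == 0
            and (r_ident, r_seq) == (ident, seq) and reply[8:] == PAYLOAD)

def link_state(answered: list, max_missed: int = 3) -> str:
    """Report 'down' only after max_missed consecutive probes timed out."""
    recent = answered[-max_missed:]
    return "down" if len(recent) == max_missed and not any(recent) else "up"

if __name__ == "__main__":
    probe = echo_request(ident=0x1234, seq=1)
    # Constructed reply: what a live device at the far end would send back.
    reply = icmp_message(0, 0x1234, 1, PAYLOAD)
    print(is_reply_to(reply, 0x1234, 1), link_state([True, False, False, False]))
```

Requiring consecutive misses is one way to separate a device that is momentarily busy from one that is down.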

SNMP (Simple Network Management Protocol)

In some cases, having a syslog server to collect syslog messages is insufficient. Syslog messages don't provide more specific information about events or devices, such as device CPU or memory utilization, bandwidth utilization, and device temperature. This is something that SNMP does provide.

SNMP is another essential part of your automatic health monitoring system. Similar to Syslog, an SNMP server collects SNMP traps from SNMP clients. These SNMP clients can be any IP-based network devices such as routers, firewalls, switches, printers, and production servers (e.g. web or mail). As mentioned, interface up/down state, CPU and memory utilization, port or bandwidth utilization, temperature, and low laser printer toner are just a few of the health conditions that SNMP traps from specific devices can report.

Once the SNMP server receives all of those SNMP traps, it can generate reports on those specific conditions. If you would like to see CPU and memory utilization on specific SNMP clients within a certain time range, for instance, you can pull a report for it. You can do the same for switch port utilization.

Further, you can link your SNMP server to your mail server. This way you (or anybody within your company) can receive a mail alert when a specific condition occurs, such as a device temperature hitting 80 degrees Fahrenheit, CPU or memory utilization of a device hitting 80% or more, or a device going down.

Cisco Netflow

For bandwidth utilization specifically, an SNMP report only tells you how much of a specific port or connection is utilized (e.g. 10% or 90% utilized). The report does not tell you which traffic is using the bandwidth.

When your network devices are Cisco devices that can provide Netflow reports, you can use Netflow to get those details. In a nutshell, Netflow reports show which traffic is using the bandwidth in terms of source and destination IP address, TCP or UDP port, and how many IP packets are going through. For instance, a report might show that your internal user (let's say IP address 10.0.10.254) is accessing your internal web server (let's say 10.0.0.2 on TCP port 80) and www.yahoo.com on the Internet, using 80% of the available bandwidth.
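How a collector turns exported flow records into such a report, as an added example that is not from the FAQ or from Cisco: it parses a NetFlow version 5 export datagram and ranks conversations by their share of bytes. It assumes the devices export version 5; the sample flows are constructed, with 203.0.113.10 standing in for the Internet web server, and the function names are assumptions.

```python
import socket
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                  # 24-byte v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")    # 48-byte v5 flow record

def parse_v5(datagram: bytes) -> list:
    """Return (src, dst, protocol, dst_port, packets, octets) per flow record."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    version, count = struct.unpack("!HH", datagram[:4])
    # Reject anything whose length disagrees with the record count it claims.
    if version != 5 or len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("not a well-formed NetFlow v5 datagram")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append((socket.inet_ntoa(f[0]), socket.inet_ntoa(f[1]),
                      f[13], f[10], f[5], f[6]))
    return flows

def top_talkers(flows, n=3):
    """Rank (src, dst, protocol, dst_port) conversations by percent of octets."""
    by_conv = Counter()
    for src, dst, proto, dport, _pkts, octets in flows:
        by_conv[(src, dst, proto, dport)] += octets
    total = sum(by_conv.values()) or 1
    return [(conv, round(100 * octets / total)) for conv, octets in by_conv.most_common(n)]

def build_v5(flows) -> bytes:
    """Constructed exporter output; timestamps, interfaces and AS fields are zero."""
    out = HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0)
    for src, dst, proto, dport, pkts, octets in flows:
        out += RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), bytes(4),
                           0, 0, pkts, octets, 0, 0, 49152, dport,
                           0, 0, proto, 0, 0, 0, 0, 0, 0)
    return out

# Constructed sample flows: (src, dst, protocol, dst_port, packets, octets).
SAMPLE_FLOWS = [
    ("10.0.10.254", "10.0.0.2", 6, 80, 400, 500_000),
    ("10.0.10.254", "203.0.113.10", 6, 80, 250, 300_000),
    ("10.0.10.7", "10.0.0.53", 17, 53, 900, 200_000),
]

if __name__ == "__main__":
    for conv, pct in top_talkers(parse_v5(build_v5(SAMPLE_FLOWS))):
        print(conv, f"{pct}%")
```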

Software To Choose

Many software packages can do the Syslog, ICMP, SNMP, and Netflow collection and reporting mentioned above. A lot of companies like to use SolarWinds or WhatsUp products. Some companies like to use CiscoWorks.

There are free ICMP and SNMP tools that are widely used, such as MRTG and Cacti. One popular free Syslog tool is Kiwi Syslog.

Basically, any software that works for you should do. Typically the "premium-pay" software is preferred when you have a large or complex network, or when you want detailed or thorough reports.

Software/Application Performance

Often, network or Internet slowness is caused by software or applications running on a server or PC. This could be mail (SMTP), web (HTTP, HTTPS, SSL, TLS), FTP, SQL databases, or even peer-to-peer applications such as Kazaa and eDonkey. Besides monitoring the network, monitoring software and application performance is highly recommended, as software can be written incorrectly by its developers, causing poor performance.

There are many monitoring systems you can choose for software or application performance monitoring, among them OPNET and Ixia. Using OPNET, for example, you can find out exactly what happens during the client-server exchange of a given application and whether those events happen as expected. The monitoring results should give you an idea of what is happening and whether the events you see may cause performance problems.

Note that you don't have to use the monitoring systems mentioned. They were picked just as illustrations (although they are proven to work and be helpful on real-life production networks). As a rule of thumb, any monitoring system should do as long as it serves your needs.

Related Topic

»Cisco Forum FAQ »Improving Small Business network performance

Some Discussions

»Network Monitoring
»[OT] Network Test tool http/Sql/Mapi/SIP, etc

by aryoba
last modified: 2009-09-16 08:39:05
