
CHAPTER 3

PERFORMANCE MONITORING
Performance Monitoring
• As networks grow and become more complicated, the likelihood of many
errors that can seriously impact performance is very high. As a result,
proactive network monitoring is needed to identify performance issues
and ensure a high QoS.
• Proactive monitoring involves diagnosing and troubleshooting network
issues before they are evident to the end user and actively eliminating threats.
Performance Monitoring - Best Practices
• Accept that IT complexity is growing faster than your IT team
• Develop a monitoring strategy aligned with business priorities
• Implement a real-time view of network and server performance
• Use common tools across IT teams to minimize finger-pointing
• Avoid alert storms
• Ensure bandwidth is optimized for business apps and services
• Be prepared to scale up and out
Performance Monitoring - What to Monitor?
• Various router statistics via SNMP using tools like MRTG
• The end-to-end path, by active probing with tools like appareNet
• The content of your packet flows at critical points (e.g. gateways and
firewalls) with tools like Sniffer and firewall UIs.
Network Baselining
• The process of recording network traffic and performance, and saving the
data for future reference or reviewing it for network performance analysis
• Can be used as a benchmark with which to compare other traffic patterns
• Provides the network administrator insight into expected behavior on the
network and subsequently, the ability to notice changes to the environment
• Makes it easy to identify network attacks (internal or external) and even the
people causing problems on the network, such as by downloading movies at work
How to Baseline a Network?
• Network diagram: draw the layout of the network structure, marking IP/
MAC addresses, VLANs, and the locations of all routers, switches, firewalls,
servers, management devices, and even the data flow directions.
• Network management policy: helps you understand what services are
allowed to run on the network, what traffic is forbidden, and what services
should enjoy higher priority.
• Scope & Objectives: think about what to baseline, because it is hard and
sometimes unnecessary to include all hosts, switches and routers of a big network
in your baseline report. E.g., email, HTTP traffic, switches, routers, and servers.
• Collect baseline data: A network baseline report contains these basic data:
network utilization, traffic components, top protocol talkers, top host
talkers, conversation statistics, address statistics, packet sizes, average packet
length, and key server info, etc.
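Several of the baseline fields listed above, computed from flow records and then used as a benchmark for a later day, as an added example that is not part of the original slides. The flow tuples, addresses and the 3x threshold are constructed assumptions for illustration.

```python
from collections import Counter

# Constructed sample flow records: (day, src, dst, protocol, packets, bytes)
BASELINE_FLOWS = [
    ("Mon", "10.0.0.5", "10.0.1.10", "smtp", 40, 32000),
    ("Mon", "10.0.0.6", "10.0.1.20", "http", 100, 120000),
    ("Tue", "10.0.0.5", "10.0.1.10", "smtp", 50, 40000),
    ("Tue", "10.0.0.6", "10.0.1.20", "http", 120, 144000),
    ("Tue", "10.0.0.7", "10.0.1.20", "http", 50, 24000),
]
TODAY_FLOWS = [
    ("Wed", "10.0.0.5", "10.0.1.10", "smtp", 45, 36000),
    ("Wed", "10.0.0.6", "203.0.113.9", "http", 900, 1200000),
    ("Wed", "10.0.0.99", "10.0.1.20", "ssh", 20, 9000),
]

def summarize(flows):
    """Compute baseline-report fields from a list of flow records."""
    days = set()
    host_bytes, proto_bytes, convs = Counter(), Counter(), Counter()
    packets = total = 0
    for day, src, dst, proto, pkts, nbytes in flows:
        days.add(day)
        host_bytes[src] += nbytes          # top host talkers
        proto_bytes[proto] += nbytes       # top protocol talkers
        convs[(src, dst)] += nbytes        # conversation statistics
        packets += pkts
        total += nbytes
    n_days = len(days) or 1
    return {
        "host_daily_bytes": {h: b / n_days for h, b in host_bytes.items()},
        "top_protocols": [p for p, _ in proto_bytes.most_common(3)],
        "top_hosts": [h for h, _ in host_bytes.most_common(3)],
        "conversations": len(convs),
        "avg_packet_len": total / packets if packets else 0.0,
    }

def deviations(baseline, today_flows, factor=3.0):
    """Flag hosts absent from the baseline or far above their daily volume."""
    today = summarize(today_flows)["host_daily_bytes"]
    alerts = []
    for host, nbytes in sorted(today.items()):
        expected = baseline["host_daily_bytes"].get(host)
        if expected is None:
            alerts.append((host, "not in baseline"))
        elif nbytes > factor * expected:
            alerts.append((host, "bytes %.1fx baseline" % (nbytes / expected)))
    return alerts

if __name__ == "__main__":
    print(deviations(summarize(BASELINE_FLOWS), TODAY_FLOWS))
```

A host that matches its usual volume produces no alert, which keeps the output limited to the deviations worth examining.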
Network Baseline Table
Tips for Network Baselining
• Update the baseline document in time: Update the data promptly when there are
any changes to the network. For example, when a new device is added, or a new
application is implemented, the changes need to be marked in the baseline
report.
• An IP/MAC database is necessary: If the network is full of desktops, laptops
and switches, you should consider an IP/MAC database to record the user name
and place of each individual IP and MAC address. It's very helpful when you need
to figure out who is using an IP or MAC address and where it is when you decide
to examine it.
• Baseline the critical devices only: Remember, you don't have to maintain a
baseline table which covers all your host computers, laptops, servers,
switches, firewalls and routers.
• Only cover the mission-critical servers, such as email, website, OA and CRM
servers, and core switches and routers in your baseline report.
• The report should be organized in separate sheets to help you easily find the
data you need.
• Baseline over a long time period: It takes a long time to set up a network
baseline because your network probably works in different patterns from Monday
to Sunday.
• Keep the baseline report easy to read: You should include all useful diagrams and
illustrations in the baseline report, the more the better, such as a network diagram,
network policy, and backups for switches and routers. The documents should be
standardized with explanations and descriptions, especially for the technical terms.
All of them are helpful when someone else is trying to access and read the
documents.
New Network Traffic Analyzer Technologies
• Collects, analyzes, and reports traffic detail from the existing infrastructure
without the need to deploy probes or software agents
• Collects flow export detail from existing routers and switches, leveraging device
infrastructure for flow-based metrics
• Obtains visibility into what and who is consuming network resources
• Notifies IT staff through a variety of alerts and operations console integration
when deviations in network traffic occur
• Leverages existing routers and switches for detailed application analysis
Common Features & Functions of Traffic Measurement Tools
• user interface (web, graphical, console)
• real-time traffic graphs
• network activity is often reported against pre-configured traffic matching rules to
show:
  • local IP address
  • remote IP address
  • port number or protocol
  • logged in user name
• bandwidth quotas
• support for traffic shaping or rate limiting
• support for website blocking and content filtering
• alarms to notify the administrator of excessive usage
Example of Network Monitoring Interface
Examples of Traffic Measurement Tools
• Argus
• Cacti
• Cricket
• ET/BWMGR
• Exbander Precision
• FireBeast Switchmonitor
• Flow Mon
• Infosim
• InterMapper
• MRTG
• NetLimiter
• OmniPeek
• PRTG
• Packet Trap
• PathSolutions
• SecurActive
• Sandvine
• SevOne
• Solana Networks
• Scrutinizer
Can you list criteria for the best network monitoring tools?