4 categories of network monitoring
Network teams should routinely monitor the states of their networks. The type of network monitoring strategy used depends on the needs of the organization.
Network monitoring can take many forms, depending on what needs to be examined. As network architectures become more software-centric and more decentralized across hybrid and multi-cloud environments, network teams might find the various types of network monitoring methods and tools confusing.
Let's look at four categories of network monitoring, along with specific mechanisms and protocols, that can provide the right level of visibility an organization needs.
1. Availability monitoring
Availability monitoring is the simplest way for network teams to know if a device is up and operational. Some availability monitoring tools do more than solely monitor whether a device is completely online or offline. Specific interface status notifications and network device hardware checks are often lumped into this group.
Examples of commonly used protocols that monitor network availability include the following:
- Internet Control Message Protocol (ICMP). An ICMP ping is a simple verification test that shows whether a device is accessible on the network.
- Simple Network Management Protocol (SNMP). SNMP monitors device and interface status.
- Event logs (syslog). Syslog collection servers can trigger alerts when uplinks, interfaces or routes become unavailable.
2. Configuration monitoring
Configuration monitoring checks are essential for those managing traditional network components that use local configuration files. Automated tools that can compare similarly configured devices for inaccuracies are must-haves, from both a performance and IT security perspective.
These tools typically take the command-line output of a device configuration file and compare it to other files that perform similar tasks on the network. Network teams can investigate differences between configurations to ensure that all network components are set up to operate identically.
Key features in configuration monitoring include the following:
- real-time monitoring of network configuration changes and who made those changes;
- automated configuration rollback when unauthorized changes occur; and
- configuration comparison between network appliances to spot configuration inaccuracies.
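The comparison described above can be sketched as follows. This is an added example, not code from the article or from any monitoring product; the two configurations are constructed samples in IOS-style syntax, and the masking patterns and the list of security-sensitive keywords are assumptions.

```python
import re

# Values expected to differ per device are masked before comparing (assumed patterns).
MASKS = [
    (re.compile(r"^hostname \S+"), "hostname <HOST>"),
    (re.compile(r"\b\d{1,3}(\.\d{1,3}){3}\b"), "<IP>"),
]
# Differences that warrant a security review, not just a routine ticket (assumed list).
SENSITIVE = re.compile(r"telnet|snmp-server community|password|access-class|aaa ")

def parse(config):
    """Return (section, child) pairs; a top-level line is stored with child ''."""
    pairs, section = set(), None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip().startswith("!"):
            continue  # skip blank lines and '!' separators
        line = raw.strip()
        for pattern, repl in MASKS:
            line = pattern.sub(repl, line)
        if raw[0].isspace() and section:
            pairs.add((section, line))   # indented line belongs to current section
        else:
            section = line
            pairs.add((section, ""))
    return pairs

def drift(baseline, candidate):
    """Return sorted (section, change, line, needs_security_review) tuples."""
    base, cand = parse(baseline), parse(candidate)
    changes = [(s, "missing", c) for s, c in base - cand]
    changes += [(s, "extra", c) for s, c in cand - base]
    return sorted((s, kind, c, bool(SENSITIVE.search(c or s))) for s, kind, c in changes)

# Constructed sample configurations for two access switches with the same role.
SWITCH_A = """\
hostname access-sw-01
interface Vlan10
 ip address 10.0.10.2 255.255.255.0
line vty 0 4
 transport input ssh
 access-class 10 in
"""
SWITCH_B = """\
hostname access-sw-02
interface Vlan10
 ip address 10.0.10.3 255.255.255.0
line vty 0 4
 transport input telnet ssh
"""
```

Calling `drift(SWITCH_A, SWITCH_B)` ignores the hostname and address differences and reports three findings under `line vty 0 4`, two of them flagged for security review: Telnet enabled and the management access list missing.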
3. Performance monitoring
While network availability monitoring somewhat overlaps with performance monitoring, distinct differences exist between the two.
Availability monitoring is more concerned with the operational status of the components that comprise the network infrastructure. Performance monitoring does this too, but with added emphasis on the end user's performance experience. Thus, performance monitoring focuses more on network utilization, latency and suboptimal path selection.
Examples of performance monitoring protocols include the following:
- SNMP. This sends alerts when interfaces, switch CPU and memory become overutilized.
- Event logs (syslog). Syslog triggers alerts when utilization reaches specific thresholds or when unexpected routing changes occur.
- Flow-based monitoring. This provides visibility into specific network flow conversations and the amount of bandwidth consumed by each flow.
- Packet capture analysis. This provides deep analysis of networked conversations that often point to underlying transport issues, which upper-layer monitoring tools cannot see.
- Streaming telemetry. This is a collection and analysis of real-time network health and performance data used to quickly identify and resolve complex issues.
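The syslog-driven alerting mentioned in both the availability and performance lists can be sketched as follows, covering interface state and routing adjacency changes. This is an added example, not code from the article; the log lines are constructed samples in Cisco-style message format, and the alert names are assumptions.

```python
import re

# <PRI>timestamp host %FACILITY-SEVERITY-MNEMONIC: text (format assumed for these samples)
HEADER = re.compile(r"^<\d+>(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) "
                    r"%(?P<fac>\w+)-(?P<sev>\d)-(?P<mnem>\w+): (?P<text>.*)$")
STATE = re.compile(r"Interface (\S+), changed state to (up|down)$")
ADJ = re.compile(r"Nbr (\S+) on (\S+) from (\S+) to (\S+),")

def evaluate(lines):
    """Return (alerts, interfaces still down) for a batch of syslog lines."""
    alerts, down = [], set()
    for raw in lines:
        head = HEADER.match(raw)
        if not head:
            continue  # unexpected format; a real collector would count these
        host, mnem, text = head["host"], head["mnem"], head["text"]
        state = STATE.search(text) if mnem == "UPDOWN" else None
        adj = ADJ.search(text) if mnem == "ADJCHG" else None
        if state:
            key = (host, state[1])
            if state[2] == "down" and key not in down:
                down.add(key)  # LINK and LINEPROTO both report it; alert once
                alerts.append((head["ts"], host, "interface-down", state[1]))
            elif state[2] == "up" and key in down:
                down.discard(key)
                alerts.append((head["ts"], host, "interface-recovered", state[1]))
        elif adj and adj[3] == "FULL" and adj[4] != "FULL":
            alerts.append((head["ts"], host, "routing-adjacency-lost", f"{adj[1]} via {adj[2]}"))
    return alerts, sorted(down)

# Constructed sample log lines; hostnames and addresses are made up.
SAMPLE = [
    "<187>Mar  3 10:15:02 core-rtr-01 %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "<189>Mar  3 10:15:03 core-rtr-01 %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down",
    "<189>Mar  3 10:15:05 core-rtr-01 %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.2 on GigabitEthernet0/1 from FULL to DOWN, Neighbor Down: Interface down or detached",
    "<187>Mar  3 10:17:40 edge-sw-02 %LINK-3-UPDOWN: Interface GigabitEthernet0/24, changed state to down",
    "<187>Mar  3 10:20:41 core-rtr-01 %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up",
    "<189>Mar  3 10:20:42 core-rtr-01 %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up",
    "not a syslog line",
]
```

`evaluate(SAMPLE)` raises one alert per outage even though the device logs it twice, reports the lost OSPF adjacency, and returns the interface on `edge-sw-02` as still down at the end of the batch.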
4. Cloud infrastructure monitoring
In many cases, private and public cloud instances can use the same types of network monitoring tools implemented on corporate networks. However, many cloud service providers offer their own suite of built-in network monitoring tools. While these cloud monitoring tools are often free to customers, they typically can't integrate into other third-party tools organizations already use.
Organizations must weigh the pros and cons of managing multiple, distributed network monitoring services versus spending more time and effort to centralize monitoring into a handful of tools. Implementing those tools may be more demanding, but they help provide full visibility across the corporate network and into the cloud.
Modern advancements in network monitoring
Several notable advancements in network monitoring have helped lessen the management and support burden on ITOps staff. For example, many network architectures are fully configured and managed from a centralized cloud portal. In many cases, the central control plane comes prebuilt with myriad network monitoring tools and alerting capabilities, meaning separate third-party tools are no longer required.
Other advancements that have gained tremendous popularity because of the COVID-19 pandemic are hardware or software agents that monitor the network performance of work-from-home (WFH) employees and micro-branch offices. These hardware- and software-based tools enable ITOps staff to monitor the network performance of remote users, regardless of where they work.
Finally, the use of AI and machine learning within network monitoring tools has helped eliminate many manual processes and speed up the identification and remediation of network-related issues. Whether performance or security-related, AI is proving to be invaluable in discovering issues, identifying root causes and, in some cases, automating the remediation of network incidents.