Best Tools for Troubleshooting Network Performance Issues

It seems like networks are never fast enough. Really, network performance is by far the single most complained-about issue when it comes to networked systems. There’s a reason for that, though. Network performance—or lack thereof—is probably the most perceptible issue from a user’s point of view. So, when tasked with troubleshooting network performance issues, network administrators need to know what to look for and where to look for it, and they should have access to the right tools.

Today, we’re having an in-depth look at troubleshooting network performance issues.

We’ll start off, as we often do, with a mile-high view of what network performance is. Then, as we get closer, we’ll have a more detailed look at some of the factors that typically affect the performance of computer networks. We’ll first discuss bandwidth and throughput which, to a certain extent, are two sides of the same coin. Next, we’ll talk about latency and delay, two metrics that are often confused. We’ll do our best to shed some light on the subject.

Our next order of business will be jitter, one of the most performance-impacting aspects of networks. And last but not least, we’ll discuss errors which can sometimes be the consequence and sometimes the symptoms of other problems. And since having access to the proper tools is very important when troubleshooting network performance issues, we’ll have a look at a few of the best network monitoring tools that can help with your troubleshooting efforts.

About Network Performance

Wikipedia defines network performance in a very simplistic way. “Network performance refers to measures of service quality of a network as seen by the customer”. There are three important concepts in that definition. The first one has to do with measuring performance. This is critical. Network performance is something that is measured. The second important concept is quality. Performance refers to quality. And last but certainly not least, the customer. Performance is something that is seen or experienced by a user of the network, not just by measuring tools. This is why it is so important to have network performance monitoring tools that are able to take measurements from a user’s perspective.

But isn’t the user’s perspective a highly subjective concept that can be hard to evaluate? It certainly is but, using the right tools and technologies, it can be achieved. The key is to know how each metric affects perceived performance, and this is precisely our topic of the day.

Put differently, a network’s performance is its ability to meet its users’ expectations. This is important as it implies that a network’s performance is user-dependent. Some network use cases have very small performance requirements while others need more. A well-performing network is one where the actual performance matches the usage, giving users a perception that all is working well.

Factors Affecting Network Performance

Several things can affect perceived performance. Some factors are not even network-related. For instance, a server that responds slowly can be interpreted as a sign of network performance degradation. This is one more reason why we need to know what network factors are at play, as it allows us, through a process of elimination, to identify non-network performance issues.

In the following paragraphs, we’ll have a look at what factors and parameters are interacting to give users the perception of good—or not so good—performance. Some of these factors are physical characteristics of networks over which we typically have no control while others are elements that can often be improved, thereby giving users the perception of better performance.

Bandwidth and Throughput

Bandwidth and throughput are, in a way, two sides of the same coin. Furthermore, there is not a clear distinction between the two terms and they are often used interchangeably. We feel this is a mistake as they are, in reality, somewhat different concepts.

Bandwidth typically refers to the data-carrying capacity of a network segment by unit of time. It is usually expressed in multiples of bits per second, with megabits per second (Mbps) and gigabits per second (Gbps) being the most common. For example, a legacy fast-Ethernet connection has a bandwidth of 10 Mbps. Bandwidth is not something that is measured, nor is it something that varies over time and with increased usage. It is an inherent characteristic of a network. Some circuits use technologies where bandwidth can easily be increased or reduced but, in most situations, it is a fixed parameter that cannot be modified.

As for throughput, it refers to the actual amount of data successfully transmitted by unit of time. Throughput is restricted by available bandwidth as well as the available signal-to-noise ratio, network errors and hardware limitations. Most of the factors that affect network performance also affect throughput. In fact, throughput is a close cousin of performance. All things being equal, the higher the throughput, the higher the perceived performance.

In the context of perceived network performance, bandwidth and throughput are important because when bandwidth usage approaches the maximum capacity of a network segment, performance usually degrades significantly. This is why although bandwidth is fixed, bandwidth usage must be monitored.

Latency and Delay

Much like bandwidth and throughput, there is often a lot of confusion between latency and delay. This is another situation where two concepts are used interchangeably. Both have to do with the time it takes for data to travel from its source to its destination. Latency is often described as the time from the source sending a packet to the destination receiving it. It can also refer to the round-trip delay time, which comprises the one-way latency from source to destination plus the one-way latency from the destination back to the source. In fact, round-trip latency is used more often, mainly because it can be measured from a single point. Round-trip latency normally excludes the amount of time that a destination system spends processing the packet and issuing the response.

Latency is another physical characteristic of networks. It is a factor of the distance between the source and the destination and the speed of light which, incidentally, is also the speed at which data travels over any type of media. Like bandwidth, latency is a fixed parameter. The only way to reduce it is to move the source closer to the destination. Reducing the distance by some 100 km will remove about 1 millisecond of latency.

There are quite a few other factors that add some delay to network transmissions. For instance, queuing delay occurs when a gateway receives multiple packets from different sources heading towards the same destination. Since only one packet can typically be transmitted at a time, some of them must be queued for transmission, incurring an additional delay. Also, processing delays are incurred while a gateway determines what to do with a newly received packet. Bufferbloat can furthermore cause increased delays of an order of magnitude or more. The combination of propagation, queuing, and processing delays often results in a complex and variable network latency profile.

Latency and delay are the main factors affecting perceived network performance. Fortunately, they can easily be measured either single- or dual-endedly. Dual-ended measurement, as described earlier, is often preferable as it ignores the destination’s processing delay and provides a true measurement of the network’s latency.

Jitter

Jitter is the biggest enemy of network communications and while it is relatively easy to explain, it is somewhat more complicated to understand how and why it can have such an adverse effect on data transmissions. Let’s try to explain. Simply put, jitter is a variation in delay. There are several factors that can cause jitter. In fact, many of the same factors affecting delay also affect jitter. For example, queuing delays are directly related to queue length. And since a typical queue constantly varies in length, so does delay, hence jitter.

The thing with jitter is that it does not affect all network traffic in the same way. When delays vary considerably between the multiple packets that compose a message (i.e. in high jitter situations), the packets could arrive at their destination out of sequence. Let’s take, for example, a transmission comprised of four packets that are transmitted at 10 ms intervals. The first one encounters 20 ms of latency, the second one 60 ms, the third one 40 ms and the last one 20 ms. I’ll spare you the boring math but in such a situation the first packet will arrive first, followed by the fourth, then the third and finally the second. In some situations, this wouldn’t be a problem. For example, if we’re dealing with a file transfer, the packets are sequentially numbered and can easily be reassembled in the proper order at the receiving end. On the other hand, if what we have is real-time traffic such as a streaming video or a VoIP conversation, we’re in trouble as packets cannot be correctly reassembled, resulting in pixelated video or garbled audio. From a user’s standpoint, we’re having a performance issue.
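
The four-packet case above, worked through in code as an added example that is not part of the original article. It goes beyond the text in two labelled ways: it applies the interarrival jitter estimator defined in RFC 3550 (the RTP specification), and it assumes a receiver with a fixed playout delay to show which packets real-time traffic would lose. Function names are illustrative.

```python
"""Arrival order and jitter for the four-packet example (constructed data)."""

# Constructed input taken from the example in the text: packets are sent
# every 10 ms and each one experiences a different one-way latency (ms).
SEND_INTERVAL_MS = 10
LATENCIES_MS = [20, 60, 40, 20]


def arrival_times(latencies, interval):
    """Return [(seq, send_ms, arrive_ms)], with seq starting at 1."""
    return [(i + 1, i * interval, i * interval + lat)
            for i, lat in enumerate(latencies)]


def arrival_order(packets):
    """Sequence numbers in the order the receiver sees them."""
    return [seq for seq, _, _ in sorted(packets, key=lambda p: (p[2], p[0]))]


def reordered(order):
    """Packets that show up after a higher-numbered packet was already seen."""
    late, highest = [], 0
    for seq in order:
        if seq < highest:
            late.append(seq)
        highest = max(highest, seq)
    return late


def rfc3550_jitter(packets):
    """Running jitter estimate after each arrival, from the second one on.

    D is the change in transit time (arrival minus send) between two packets
    that are consecutive in arrival order; the estimate is smoothed as
    J += (|D| - J) / 16, the estimator defined in RFC 3550.
    """
    by_arrival = sorted(packets, key=lambda p: (p[2], p[0]))
    jitter, history = 0.0, []
    for prev, cur in zip(by_arrival, by_arrival[1:]):
        d = (cur[2] - cur[1]) - (prev[2] - prev[1])
        jitter += (abs(d) - jitter) / 16
        history.append(jitter)
    return history


def late_for_playout(packets, playout_delay_ms):
    """Packets a real-time receiver must discard.

    Assumption: the receiver plays each packet at send time plus
    playout_delay_ms, so a packet whose transit time exceeds that delay
    arrives too late to be used.
    """
    return [seq for seq, sent, arrived in packets
            if arrived - sent > playout_delay_ms]


if __name__ == "__main__":
    pkts = arrival_times(LATENCIES_MS, SEND_INTERVAL_MS)
    order = arrival_order(pkts)
    print("arrival times (ms):", [p[2] for p in pkts])
    print("arrival order:", order)
    print("out-of-sequence packets:", reordered(order))
    print("jitter estimate (ms):", rfc3550_jitter(pkts))
    print("discarded with a 40 ms playout delay:", late_for_playout(pkts, 40))
```

A file transfer only needs the reordering handled, while the playout check shows why a voice or video stream loses the second packet outright.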

Errors

To a certain extent, network errors are another factor affecting network performance. Bit errors refer to the number of bits of a data stream received over a communication channel that have been altered due to noise, interference, distortion or bit synchronization issues. The bit error rate or bit error ratio (BER) is the number of bit errors divided by the total number of transferred bits during a given time interval. It is often expressed as a percentage.

Networks are very robust and resilient and will, most of the time, recover from these errors using several methods, including built-in error-correction schemes or retransmission of erroneous data. But while these can be acceptable, they often cause unnecessary delays, increased jitter and all sorts of user-perceived performance issues.

The Top Tools For Troubleshooting Network Performance Issues

While there are tons of tools for measuring network performance, not all of them are as feature-full as the few we’ve picked for you. The best ones will not only display bandwidth but also several bandwidth-affecting metrics such as latency or jitter, thereby helping you quickly troubleshoot network performance issues.

1. SolarWinds Network Performance Monitor (FREE TRIAL)

SolarWinds is one of the best-known vendors of network and system administration tools. It is famous for its many excellent network administration tools. Among the most famous SolarWinds products are the NetFlow Traffic Analyzer and the Server and Application Monitor. The company is also recognized for making a handful of excellent free tools, each addressing a specific need of network and system administrators. The Advanced Subnet Calculator and the Kiwi Syslog Server are two excellent examples of those free tools.

SolarWinds’ flagship product is called the Network Performance Monitor, or NPM. This is a full-featured network monitoring solution with great functionality. The SolarWinds NPM polls any enabled device using the SNMP protocol to read their operational metrics and interface counters. It stores the results in an SQL database and uses the polled data to build graphs showing each WAN circuit’s usage as well as other important metrics.

The SolarWinds Network Performance Monitor boasts a user-friendly GUI. With it, adding a device is as simple as specifying its IP address or hostname and SNMP community string. The tool then queries the device, lists all the SNMP parameters that are available, and allows you to pick those you want to monitor and display on your graphs.

Prices for the SolarWinds Network Performance Monitor start at $2 995 and vary according to the number of devices to monitor. A detailed quote can be obtained by contacting the SolarWinds sales team.

If you want to try the product before purchasing it, a free 30-day trial is available, as it is for most SolarWinds products.

2. ManageEngine OpManager

The ManageEngine OpManager is a complete management solution that will address most monitoring needs. The tool can run on either Windows or Linux and it is loaded with excellent features. For instance, its auto-discovery feature can graphically map your network, giving you a uniquely customized dashboard.

The tool’s dashboard is another one of its strong points. It is super easy to use and navigate and has drill-down functionality. If you’re into mobile apps, they are available for tablets and smartphones and will allow you to access the system from anywhere. Overall, this is a very polished and professional product.

Alerting in OpManager is another of the product’s strengths. There is a full complement of threshold-based alerts that will help detect, identify, and troubleshoot network issues. Multiple thresholds with various notifications can be set for every performance metric.

If you want to try the ManageEngine OpManager, get the free version. It is not a time-limited trial version. It is, instead, feature-limited. It won’t, for instance, let you monitor more than ten devices. While this might be sufficient for testing purposes, it will only suit the smallest networks. For more devices, you can choose between the Essential or the Enterprise plans. The first will let you monitor up to 1 000 nodes while the other goes up to 10 000. Pricing information is available by contacting ManageEngine’s sales.

3. PRTG Network Monitor

The PRTG Network Monitor from Paessler AG is an agentless network monitoring system. Paessler claims that the PRTG Network Monitor can be set up in a couple of minutes. Our experience shows that it can take a bit more than that but that it is still very easy and quick, thanks to an auto-discovery feature that will scan your network, find devices, and automatically add them. The tool uses a combination of Ping, SNMP, WMI, NetFlow, jFlow, and sFlow, but can also communicate via DICOM or the RESTful API.

One of the strengths of the PRTG Network Monitor is its sensor-based architecture. You can think of sensors as add-ons to the product except that they are already included and don’t need to be added. There are add-ons for virtually anything. For example, there are HTTP, SMTP/POP3 (e-mail) application sensors. There are also hardware-specific sensors for switches, routers, and servers. In all, there are over 200 different predefined sensors that retrieve statistics such as response time, processor, memory, database information, temperature or system status from the monitored devices.

The PRTG Network Monitor offers a selection of user interfaces. The primary one is an Ajax-based web interface. There’s also a Windows enterprise console as well as mobile apps for Android and iOS. One nice feature of the mobile apps is that they can use push notification of any alerts triggered from PRTG. More standard SMS or email notifications are also available. Although the server only runs on Windows, it can be administered from any device with an Ajax-compatible browser.

The PRTG Network Monitor is offered in two versions. There’s a free version which is full-featured but will limit your monitoring ability to 100 sensors. Note that each monitored parameter counts as one sensor and, for example, monitoring 24 interfaces on a network switch will use up 24 sensors. If you need more than 100 sensors, you must purchase a license. Their prices start at $1 600 for 500 sensors. You can also get a free, sensor-unlimited and full-featured 30-day trial version.

Read Best Tools for Troubleshooting Network Performance Issues by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

6 Best Open-Source NetFlow Software (FREE)

There are several types of network monitoring available. One of them, possibly the most common, is SNMP monitoring. It can be used to give administrators a rather clear picture of how much data is carried over the networks they manage. But when they want a more detailed picture—such as learning WHAT the traffic is rather than just HOW MUCH there is—they have to turn to a different technology.

NetFlow, a monitoring technology developed by Cisco and introduced a while back on the manufacturer’s devices, has become the de facto standard when it comes to qualitative network monitoring. NetFlow monitoring tools can be expensive and out of the reach of many smaller businesses. Fortunately, several open-source NetFlow software packages are available and we’re about to review them.

We’ll begin our journey by having a look at network monitoring in general. We’ll follow with a discussion on the different types of monitoring, specifically concentrating on bandwidth monitoring and traffic analysis. Next, without going too technical, we’ll have an in-depth look at the NetFlow technology, what it is and how it works.

We’ll discuss some similar technologies that are also available before we get to the core of our subject, the actual open-source NetFlow tools which are available. While some of the tools are relatively limited in terms of what they can accomplish or can be harder to configure than some paid packages, all provide some genuinely interesting functionality.

About Network Monitoring

Network traffic is very similar to road traffic. Just like network circuits can be thought of as highways, data transported on networks are like vehicles travelling on that highway. But as opposed to vehicular traffic where you just have to look to see if and what is wrong, seeing what’s happening on a network can be tricky. For starters, everything is happening very fast and data transported on a network is invisible to the naked eye.

Network monitoring tools let you “see” exactly what is going on in your network. With them, you’ll be able to measure each circuit’s utilization, analyze who and what is consuming bandwidth and drill down deep into network “conversations” to verify that everything is operating normally.

Different Types Of Monitoring Tools

There are basically three major types of network monitoring tools. Each one goes a little deeper than the previous and provides more details about the traffic. First, there are bandwidth utilization monitors. These tools will tell you how much data is transported on your network but that’s about it.

To get more information about the network, you need another type of tool, network analyzers. Those are tools that can give you some information on what exactly is going on. They won’t just tell you how much traffic is passing by. They can also tell you what type of traffic and between what hosts it is moving.

And for the most detail, you have packet sniffers. They do an in-depth analysis by capturing and decoding traffic. The information they provide will let you see exactly what’s going on and pinpoint issues with the greatest accuracy. As useful as they are, they are beyond the scope of this post.

Bandwidth Usage Monitoring Tools

Most bandwidth utilization monitors rely on the Simple Network Management Protocol, or SNMP, to poll devices and get the amount of traffic on all–or some–of their interfaces. Using that data, they will often build graphs that depict the bandwidth utilization over time. Typically, they’ll allow one to zoom into a narrower time span where graph resolution is high and shows, for instance, 1-minute average traffic or zoom out to a longer time span–often up to a month or even a year–where it shows daily or weekly averages.

Network Traffic Analysis Tools

If you need to know more than the amount of traffic passing by, you need a more advanced monitoring system. What you need is what we refer to as a network analysis system. These systems rely on software that’s built into networking equipment to send them detailed usage data. These systems can typically display top talkers and listeners, usage by source or destination address, usage by protocol or by application, and other useful information about what is going on.

While some systems use software agents that you must install on target systems, most of them rely instead on standard protocols such as NetFlow, IPFIX, or sFlow. These are usually built into equipment and ready to use as soon as they are configured.

NetFlow In A Nutshell

NetFlow was developed by Cisco Systems and was introduced on their routers to provide the ability to collect IP network traffic as it enters or exits an interface. The collected data is then analyzed by network administrators to help determine the source and destination of traffic, the class of service, and the causes of congestion. There are three main components to the NetFlow technology:

  • The flow exporter aggregates packets into flows and exports flow records towards one or more flow collectors. This is the component that is running on the monitored devices.
  • As for the flow collector, it is responsible for reception, storage and pre-processing of flow data received from a flow exporter.
  • Last but not least, the flow analyzer is an application that is used to analyze received flow data. Analysis can be used for traffic profiling, or for network troubleshooting.

How It Works

Routers, switches and any other device that supports NetFlow can be configured to output flow data in the form of flow records and send them to a NetFlow collector. A flow is a complete conversation in the IP sense. The device preparing flow records normally sends them to the collector when it determines that the flow is finished either through ageing–there has not been any traffic within a specific timeout–or when it sees a TCP session termination.

The flow record contains a lot of information about the flow. It includes the input and output interfaces, the start and finish timestamps of the flow, the number of bytes and packets it contains, the layer 3 headers, the source and destination IP address and port number, the IP protocol, and the TOS value. Flow records don’t contain the actual data that made up the flow. They only contain information about the flow. This is important from a security standpoint.
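
An added example, not from the original article: a small parser for NetFlow version 5 export datagrams that extracts the flow-record fields listed above and tallies top talkers. It uses the fixed v5 layout (a 24-byte header followed by 48-byte records); the sample datagram, its documentation-range addresses and the function names are constructed for illustration.

```python
"""Parse a NetFlow v5 export datagram (the sample datagram is constructed)."""
import ipaddress
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record
MAX_RECORDS = 30                                    # v5 limit per datagram


def parse_v5(datagram):
    """Return a list of flow dicts; raise ValueError on malformed input.

    A collector receives these datagrams over UDP, so the version, record
    count and total length are all checked before any record is unpacked.
    """
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, *_ = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if not 1 <= count <= MAX_RECORDS:
        raise ValueError(f"implausible record count {count}")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match the record count")

    flows = []
    for i in range(count):
        (src, dst, _nexthop, in_if, out_if, pkts, octets, first, last,
         sport, dport, _pad1, tcp_flags, proto, tos,
         _src_as, _dst_as, _src_mask, _dst_mask, _pad2) = RECORD.unpack_from(
            datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "in_if": in_if, "out_if": out_if,
            "packets": pkts, "bytes": octets,
            # first/last are exporter uptime in ms; the mask handles 32-bit wrap
            "duration_ms": (last - first) & 0xFFFFFFFF,
            "sport": sport, "dport": dport,
            "proto": proto, "tos": tos, "tcp_flags": tcp_flags,
        })
    return flows


def top_talkers(flows, n=3):
    """Source addresses ranked by bytes sent, as an analyzer would show them."""
    totals = Counter()
    for flow in flows:
        totals[flow["src"]] += flow["bytes"]
    return totals.most_common(n)


def build_sample():
    """Constructed datagram: three flows between documentation addresses."""
    rows = [  # src, dst, in, out, pkts, bytes, first, last, sport, dport, flags, proto
        ("192.0.2.10", "198.51.100.5", 1, 2, 10, 14000, 1000, 4000, 51000, 443, 0x1B, 6),
        ("192.0.2.11", "198.51.100.53", 1, 2, 2, 160, 2000, 2010, 40000, 53, 0, 17),
        ("192.0.2.10", "198.51.100.7", 1, 2, 5, 6000, 3000, 3500, 51001, 80, 0x1B, 6),
    ]
    body = b"".join(
        RECORD.pack(ipaddress.IPv4Address(s).packed,
                    ipaddress.IPv4Address(d).packed, bytes(4),
                    i, o, p, b, f, l, sp, dp, 0, fl, pr, 0, 0, 0, 0, 0, 0)
        for s, d, i, o, p, b, f, l, sp, dp, fl, pr in rows)
    # version 5, record count, uptime ms, unix secs, nsecs, sequence, engine, sampling
    return HEADER.pack(5, len(rows), 5000, 1700000000, 0, 1, 0, 0, 0) + body


if __name__ == "__main__":
    parsed = parse_v5(build_sample())
    for flow in parsed:
        print(flow)
    print("top talkers:", top_talkers(parsed))
```

Every field the parser returns is metadata about the conversation; the record has no room for payload, which is the security property the paragraph above points out.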

Except in huge multi-site environments, the flow collectors where the records are sent are often also the flow analyzers. They use the information contained in flow records to present data about network traffic in a way that is useful to network administrators. Different NetFlow collectors and analyzers will have different ways of presenting data. This is where our list of the best NetFlow collectors and analyzers will come in handy.

Other Similar Technologies

Various versions and adaptations of NetFlow exist, and some are known under a different name. In fact, many of those are used under license from Cisco. There are also true alternatives to NetFlow, the two best-known being sFlow and IPFIX. The latter is heavily based on the latest version of NetFlow except that it is an IETF standard. In fact, there are many reasons to believe that Cisco might even eventually replace NetFlow with IPFIX. As for sFlow, it is a different, competing system. Its goal and general principles of operation are similar but not identical. Some NetFlow analyzers will also work with sFlow but, generally speaking, users of one don’t use the other.

The Top Open-Source NetFlow Software

1. SolarWinds Real-Time NetFlow Analyzer (FREE DOWNLOAD)

SolarWinds is one of the best-known players in the network administration tools field. The company has been around for some 20 years, bringing us some of the best network administration tools. It has also acquired a solid reputation for making great free tools that, even though they are sometimes feature-limited, are still excellent tools. One such tool is the free Real-Time NetFlow Analyzer. Although this is not an open-source tool, it is completely free and is well worth looking into. Although it might not be quite as complete and full-featured as its big brother, the SolarWinds NetFlow Traffic Analyzer, this product gives you the same basic functionality.

The tool can capture and analyze Appflow, NetFlow, JFlow, and sFlow data in real-time. It will show you exactly the types of traffic on your network, where it’s coming from, and where it’s going to. You can also use it to diagnose traffic spikes and troubleshoot bandwidth issues.

Here are some of the Real-time NetFlow Analyzer’s primary features:

  • Identify which users, devices, and applications are consuming the most bandwidth
  • Isolate network traffic by conversation, app, domain, endpoint, and protocol
  • View network traffic by type and specified time periods

The tool, like most other SolarWinds tools, installs easily via a standard Windows setup wizard. And once installed, a NetFlow Configurator is included to help you with the configuration of devices that support various NetFlow variants.

This free software has some limitations when compared to its bigger brother, though. For instance, its primary focus is the current and recent state of your network. As such, it can only collect data from one NetFlow interface and will only keep and analyze the last 60 minutes of data.

2. FlowScan

FlowScan is a sort of visualization tool that you typically use to analyze NetFlow data and report on it. It can produce visual graphs that are generated in near-real-time and that show you the current state of your network. FlowScan can be deployed on most GNU/Linux or BSD systems. It relies on several other packages in order to correctly collect and process flows. For example, Cflowd is used as the flow collector. FlowScan is mainly composed of a Perl script that makes up the bulk of the software package. This component is responsible for loading and executing reports. Another major component of the software is RRDtool, a popular tool used for storing data in round-robin databases and plotting that data on graphs. FlowScan uses it to store flow information and produce useful graphs.

Network administrators often realize that they have either collected too little or too much data. Flow profiling, as available in FlowScan, offers an interesting compromise between these extremes in data collection. Because flows aggregate data collected as packets travel across a given port or interface, they can be used as a sort of summary for series of packets travelling between endpoints of interest. However, this feature alone is insufficient for reliable continuous use. Additional software tools are needed to define, parse, and analyze these flows. Those additional tools are included with FlowScan.

3. nProbe and ntopng

nProbe and ntopng are somewhat advanced–and therefore somewhat complicated–open-source tools. Ntopng is a web-based traffic analysis tool for monitoring networks based on flow data while nProbe is a NetFlow and IPFIX exporter and collector. Together, they make for a very flexible analysis package. If you’ve administered Linux networks before, you might already be familiar with ntop. In that case, you’ll be glad to know that ntopng is a next-generation GUI version of this ageless tool.

There’s a free community version of ntopng; however, you can also purchase an enterprise version of the product. It can be expensive but it is free to educational and non-profit organizations. As for nProbe, you can try it for free but it is limited to a total of 25 000 exported flows. To go beyond that, you’ll need to purchase a license.

Like most modern network analysis tools, ntopng features a web-based user interface which can present data by traffic, such as top talkers, flows, hosts, devices, and interfaces. It has a mix of charts, tables, and graphs, most of them featuring drill-down options that let you explore them in greater depth. The user interface is very flexible and allows for a lot of customization.

4. Flow-Tools

Flow-tools is a toolset for working with NetFlow data. More precisely, it is a library combined with a collection of programs used to collect, send, process, and generate reports from NetFlow data. The tools can be used together on a single server or distributed to multiple servers for larger deployments. The Flow-Tools library also provides an API for the development of custom applications for NetFlow export versions 1, 5, 6, and the 14 currently defined version 8 sub-versions.

This project is a fork of the old and mostly defunct OSU flow-tools project. This is not the most active project out there and the latest version dates back to some nine years ago. However, if you’re looking for a simple tool and are willing to put in the effort required to set it up, this may be a great tool to consider.

5. NFsen/NFDump

NFsen, which is short for Netflow Sensor, is a web-based front-end tool for nfdump. It is typically used to display a nice and user-friendly graphical image of the data that nfdump generates, including NetFlow data. You have the ability to generate reports of your NetFlow data with all sorts of information including—but not limited to—flows, packets and bytes using the RRD database tool. Furthermore, you can also set up alerts and view historical data.

The NFsen project is still very active and the software can be downloaded from its Sourceforge page. It will run on any Unix/Linux system. To use it correctly, you’ll first need to have PHP, Perl (along with the Perl Mail::Header and Mail::Internet modules), the RRD Tools module and the NFDump tools installed on your system.

6. pmGraph

pmGraph is yet another excellent open-source tool for graphing and monitoring bandwidth. It is designed to complement pmacct, a network monitoring and auditing tool. The two tools are supplied together as a Debian package, and instructions for installing pmGraph cover the installation of both tools. pmacct collects and monitors traffic using NetFlow or sFlow on networking devices (including firewalls, routers and switches) into a database and allows for analysis of the collected data using pmGraph.

pmGraph was developed by staff and volunteers from Aptivate, the digital agency for international development, to be a flexible and powerful tool for network and systems administrators, with advanced user-friendly graphing capabilities. Here’s a rundown of the product’s primary features:

  • User-friendly and simple interface
  • Displays information about the connections between remote and local machines, and ports used
  • Hostname resolution using DNS and DHCP servers
  • Shows usage for a specific IP address or port
  • Configurable number of results

pmGraph is a platform-independent software which has been developed in Java and is designed to work in a servlet container such as Tomcat, which is available for all common platforms. pmGraph is very lightweight and requires only 8 MB of disk space. However, it relies on external, bulkier programs. If you don’t already have Tomcat, Java, and MySQL server, you will have to install them as well, taking up to around 300 MB of disk space, still not a lot of space. These components will be installed for you if you use the package installation and you can install pmGraph without learning much about them.

Read 6 Best Open-Source NetFlow Software (FREE) by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

6 Best NetFlow Tools To Use Alongside VMware

Cisco’s NetFlow technology is commonly used to monitor network traffic on a qualitative basis by analyzing traffic data collected by switches and other networking devices. With virtualization getting more and more widespread, and with VMware being the most common virtualization platform, we thought it would be a good idea to have a look at using NetFlow with VMware.

Although it makes obvious sense that Cisco networking equipment comes with the NetFlow technology built right into it, not everyone is aware that the virtual networking components within a VMware-based virtual infrastructure also support that technology. Today, we’re going to be discussing the use of Cisco’s NetFlow technology alongside VMware to monitor virtual networks.

How to use NetFlow with VMware

We’ll assume that if you’re reading this, you already know what VMware is and are familiar with its virtual networking components. On the other hand, we’ll also assume that you’re not that familiar with NetFlow so we’ll begin by exploring this technology and briefly explain how it works.

Our goal is not to make you experts but to give you enough background information to better appreciate the rest of our discussion. Next, we’ll discuss the NetFlow support that is built into VMware and have a quick look at what monitoring features are available. And finally, since you need some sort of NetFlow collector and analyzer to make sense of the information gathered by your virtual networking devices, we’ll have a look at some of the best NetFlow tools that one can use with VMware.

Introducing NetFlow

Developed by Cisco Systems, the NetFlow technology was introduced on their routers to provide the ability to collect data about network traffic as it enters or exits an interface. This data can be analyzed by specialized applications to extract the source and destination of the traffic, its class of service, and, by extension, the probable causes of many networking issues.

A typical NetFlow monitoring setup consists of three main components:

  • The flow exporter aggregates packets into flows and exports flow records towards one or more flow collectors. This is the component that is built into the networking devices.
  • The flow collector is responsible for reception, storage and pre-processing of flow data received from a flow exporter. This component is typically part of a network monitoring tool.
  • The flow analyzer, or flow analysis application, is used to analyze received flow data. Analysis can be used for traffic profiling, or for network troubleshooting. This component is usually combined with the collector although large NetFlow deployments can use separate collectors and analyzers.

How NetFlow Works

Networking devices that support NetFlow generate flow records and send them to a NetFlow collector. A flow, in this context, is a complete conversation in the IP sense. The device preparing flow records normally sends them to the collector when it determines that the flow is finished either through ageing–when there has not been any traffic within a specific timeout–or when it sees a TCP session termination.

NetFlow Architecture

The flow records contain various information and metrics about the flows such as the input and output interfaces, the start and finish timestamps of the flow, the number of bytes and packets it contains, the layer 3 headers, the source and destination IP address and port number, the IP protocol, and the TOS value. Flow records don’t contain the actual data that made up the flow; they only contain information about the flow. This constitutes an important security feature of this technology.

Except in large, multi-site environments, the flow collectors where the records are sent are also the flow analyzers. They use the information contained in flow records to present data about network traffic in a way that is useful to network administrators. Different NetFlow collectors and analyzers will have different ways of presenting data.
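To make the record contents described above concrete, here is a collector-side decoder for NetFlow v5, the version this page names as supported by vSphere 5. It is an added example, not code from any of the tools reviewed here; the sample datagram is constructed with documentation addresses, and the function names are illustrative.

```python
"""Collector-side decoder for NetFlow v5 export datagrams (added example)."""
import ipaddress
import struct

# Fixed NetFlow v5 layout, network byte order.
HEADER = struct.Struct("!HHIIIIBBH")                # 24 bytes
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48 bytes
MAX_RECORDS = 30                                    # v5 limit per datagram


def parse_netflow_v5(datagram):
    """Return (header dict, list of flow dicts); raise ValueError if malformed.

    Exports arrive over UDP with no authentication, so every length and
    count is checked before any record is unpacked.
    """
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than NetFlow v5 header")
    (version, count, sys_uptime, unix_secs, _nsecs,
     sequence, _etype, _eid, _sampling) = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if not 1 <= count <= MAX_RECORDS:
        raise ValueError(f"record count {count} out of range")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match record count")

    flows = []
    for i in range(count):
        (src, dst, _nexthop, in_if, out_if, packets, octets, first, last,
         sport, dport, _pad1, tcp_flags, proto, tos,
         _src_as, _dst_as, _smask, _dmask, _pad2) = RECORD.unpack_from(
            datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "sport": sport, "dport": dport, "proto": proto, "tos": tos,
            "in_if": in_if, "out_if": out_if,
            "packets": packets, "bytes": octets,
            # first/last are exporter uptime in ms; the difference can wrap.
            "duration_ms": (last - first) % 2**32,
            "tcp_flags": tcp_flags,
        })
    header = {"count": count, "sys_uptime_ms": sys_uptime,
              "unix_secs": unix_secs, "sequence": sequence}
    return header, flows


def build_sample_datagram():
    """Constructed sample: one HTTPS flow and one DNS flow."""
    def rec(src, dst, pkts, octets, first, last, sport, dport, flags, proto):
        return RECORD.pack(ipaddress.IPv4Address(src).packed,
                           ipaddress.IPv4Address(dst).packed,
                           bytes(4), 1, 2, pkts, octets, first, last,
                           sport, dport, 0, flags, proto, 0, 0, 0, 24, 24, 0)
    records = [
        rec("192.0.2.10", "198.51.100.20", 42, 31500,
            600000, 612500, 51514, 443, 0x1B, 6),
        rec("192.0.2.11", "198.51.100.53", 1, 76,
            611000, 611000, 40000, 53, 0, 17),
    ]
    header = HEADER.pack(5, len(records), 620000, 1700000000, 0, 1001, 0, 0, 0)
    return header + b"".join(records)


if __name__ == "__main__":
    hdr, sample_flows = parse_netflow_v5(build_sample_datagram())
    print(hdr)
    for flow in sample_flows:
        print(flow)
```

Note that the decoded output holds addresses, ports, counters and timing only; there is no payload field in the record to decode.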

NetFlow Support in VMware

VMware vSphere 5 supports NetFlow v5 which, by the way, is one of the most common versions supported by network devices. The NetFlow capability built into the vSphere 5 platform provides visibility into various virtual infrastructure traffic flows such as:

  • Intra-host virtual machine traffic (which is virtual machine–to–virtual machine traffic on the same host)
  • Inter-host virtual machine traffic (which is virtual machine–to–virtual machine traffic on different hosts)
  • Virtual machine to physical infrastructure traffic

The image below shows a distributed switch configured to send NetFlow records to a collector which, in turn, is connected to an external physical network switch. The blue dotted line with an arrow clearly shows that the NetFlow session is established to send flow records to the NetFlow collector for analysis.

VMware NetFlow Example

The NetFlow capability on a distributed switch along with a NetFlow collector and analyzer such as those reviewed below helps monitor application flows and measures flow performance over time. It can also help with capacity planning and ensuring that network resources are used properly by the different applications, based on their specific needs.

Network administrators who want to monitor the performance of application flows running in their virtualized environment need to enable flow monitoring on a distributed switch. This can be done either at the port group level, at an individual port level or at the uplink level. When configuring NetFlow at the port level, administrators should select the NetFlow override tab, which will make sure that flows are monitored even if the port group–level NetFlow is disabled.

The NetFlow configuration sample screen shown below demonstrates the various parameters that can be controlled during the NetFlow setup.

VMware NetFlow Configuration

The Best NetFlow Tools To Use Alongside VMware

While any NetFlow collector and analyzer can be used as a destination within your VMware environment, not all of them are created equal. We’ve compiled this list of some of the very best NetFlow collectors and analyzers that can be used with VMware but also with any networking equipment supporting that technology.

1. The SolarWinds NetFlow Traffic Analyzer (FREE TRIAL)

SolarWinds is one of the best-known makers of network and system administration tools. Its flagship product, called the Network Performance Monitor, is viewed by many as one of the best network bandwidth monitoring tools. Likewise, the SolarWinds NetFlow Traffic Analyzer—which, incidentally, installs on top of the Network Performance Monitor—is one of the best NetFlow collectors and analyzers available today.

SolarWinds NTA Dashboard Summary

Some of the SolarWinds NetFlow Traffic Analyzer’s best features include:

  • Monitoring Bandwidth use by application, by protocol, and by IP address group.
  • Monitoring IPFIX, Cisco NetFlow, Juniper J-Flow, sFlow, and Huawei NetStream flow data allowing it to identify which devices, applications, and protocols are the highest bandwidth consumers.
  • Collecting traffic data, correlating it into a usable format, and presenting it to the user through a web-based interface for monitoring network traffic.
  • Identifying which applications and categories consume the most bandwidth for better network traffic visibility (including Cisco NBAR2 support).

The SolarWinds NetFlow Traffic Analyzer is an add-on to the Network Performance Monitor. You can save by acquiring both at the same time as the SolarWinds Network Bandwidth Analyzer Pack. Prices for the bundle start at $4 910 for monitoring up to 100 elements and vary according to the number of monitored devices. While this may seem a bit expensive, keep in mind that you’re getting not one but two of the best monitoring tools available.

If you’d prefer to try the product before purchasing it, a free 30-day trial can be downloaded from SolarWinds.

2. The ManageEngine NetFlow Analyzer

The ManageEngine NetFlow Analyzer gives the network administrator a detailed view of network bandwidth utilization as well as traffic patterns. The product is controlled by a web-based interface and offers an impressive number of different views on your network.

You can, for instance, view traffic by application, by conversation, by protocol, and several more options. You can also set alerts to warn you of potential issues. For example, you can set a traffic threshold on a specific interface and be alerted whenever traffic exceeds it.

ManageEngine Netflow Analyzer

But most of the strength of the ManageEngine NetFlow Analyzer comes from its reports and dashboard. The tool comes with several very useful pre-built reports that are specifically tailored for specific purposes such as troubleshooting, capacity planning or billing. But you’re not stuck with built-in reports as the tool also allows administrators to create custom reports to their liking.

As for the tool’s dashboard we mentioned, it is just as impressive as its reports. It includes several pie charts with things such as top applications, top protocols or top conversations. It can also display a heat map with the status of the monitored interfaces. And as you might have guessed, dashboards can be customized to include only the information you find useful. The dashboard is also where alerts are displayed in the form of pop-ups. And for the on-the-go network administrator, there’s a smartphone app that will let you access the dashboard and reports.

The ManageEngine NetFlow Analyzer supports most flow technologies including NetFlow (of course), IPFIX, J-flow, NetStream and a few others. As a bonus, the tool has excellent integration with Cisco devices, with support for adjusting traffic shaping and/or QoS policies right from the tool.

Like many competing products, the ManageEngine NetFlow Analyzer comes in two versions. The free version will be identical to the paid one for the first 30 days but it will then revert to monitoring only two interfaces or flows. While this is not much, it could be all that you need. If you want the paid version, licenses are available in several sizes from 100 to 2500 interfaces or flows with prices varying from about $600 to over $50K plus annual maintenance fees.

3. The PRTG Network Monitor

The PRTG Network Monitor from Paessler AG is an all-in-one solution whose primary purpose is monitoring bandwidth utilization. It’s also used to monitor the availability and health of different network resources. These features make it a useful tool for network administrators. The tool can monitor devices over multiple sites and it can monitor LAN, WAN, VPN and Cloud Services. Through the use of the appropriate sensor, it can also be used as a NetFlow collector and analyzer.

Installing this product is quick and easy. After running the installer, the auto-discovery process discovers devices and sets up sensors. Paessler claims you could start monitoring within two minutes of starting the installation. While this might be a slight overstatement, we were impressed by the ease and speed of installation. Although the server runs on Windows only, the user interface is web-based and can be accessed from any browser. In addition, there’s a mobile app that you can install on your smartphone or tablet.

PRTG NetFlow Sensor Screenshot

The PRTG Network Monitor can monitor pretty much anything, thanks to its sensor-based architecture. You can think of sensors as add-ons that are built right into the product, each having a specific purpose. There are sensors for HTTP and SMTP/POP3 (e-mail). As we revealed before, there’s even a NetFlow Sensor. There are also hardware-specific sensors for switches, routers, and servers. In all, the tool has over 200 different predefined sensors.

The PRTG Network Monitor offers a selection of user interfaces. You have the choice of an Ajax-based web interface or a Windows enterprise console as well as mobile apps for Android and iOS. A nice feature of the mobile apps is that they can get alerts through push notification. Standard SMS or email notifications are also available.

The PRTG Network Monitor is offered in two versions. There’s a free version which is full-featured but will limit your monitoring ability to 100 sensors with each monitored parameter counting as one sensor. For example, to monitor each port of a 48-port switch, you’ll need 48 sensors. For more than 100 sensors, you need to purchase a license. They start at $1 600 for 500 sensors. You can also get a free, sensor-unlimited and full-featured 30-day trial version.

4. Scrutinizer

Scrutinizer from Plixer is another great NetFlow analyzer. It is actually much more than that and many view it as a full monitoring and incident response system. With its ability to monitor different flow types such as NetFlow, J-flow, NetStream, sFlow, and IPFIX, you’re not limited to monitoring only VMware equipment.

Scrutinizer Architecture

With its hierarchical design, Scrutinizer offers streamlined and efficient data collection and allows you to start small and easily scale way up to many million flows per second. The network is often first blamed whenever something goes wrong. With this tool, one can quickly find the real cause of most network issues. The tool works in both physical and virtual environments and comes with advanced reporting features.

Scrutinizer comes in four license tiers that go from the basic free version to the full-fledged SCR level which can scale up to over 10 million flows per second. The free version is limited to 10 thousand flows per second and it will only keep raw flow data for 5 hours but it should be more than enough to troubleshoot network issues. You can also try any license tier for 30 days after which it will revert back to the free version.

5. nProbe and ntopng

nProbe and ntopng are powerful and somewhat advanced, if somewhat complicated, open-source tools. ntopng is a web-based traffic analysis tool for monitoring networks based on flow data while nProbe is a NetFlow and IPFIX exporter and collector. Together, they make for a very flexible analysis package. If you’ve administered Linux networks before, you might be familiar with ntop, in which case you’ll be reassured to learn that ntopng is the next-generation GUI version of that ageless tool.

ntopng host details

There’s a free community version of ntopng and you can also purchase enterprise versions. They can be expensive but they are free to educational and non-profit organizations. As for nProbe, you can try it for free but it is limited to a total of 25 000 exported flows. To go beyond that, you’ll need to purchase a license.

Like most modern network analysis tools, ntopng features a web-based user interface which can present data by traffic, such as top talkers, flows, hosts, devices, and interfaces. It has a mix of charts, tables, and graphs, most featuring drill-down options that let you explore in greater depth. The interface is quite flexible and allows for a lot of customization.

6. FlowScan

FlowScan is sort of a visualization tool that you can use to analyze NetFlow data and report on it. It can produce visual graphs which are generated in near-real-time and that show you what’s happening on your network. The tool can be deployed on GNU/Linux- or BSD-based systems. It uses several other packages in order to correctly collect and process flows. For instance, Cflowd is used as the flow collector. FlowScan is actually a Perl script that makes up the bulk of the software package. This component is responsible for loading and executing reports. One last major component is RRDtool, a popular tool for storing data in round-robin databases and plotting that data on graphs, which is used to store flow information and produce useful graphs.

Sample FlowScan Graph

Network administrators often find that they have either collected too little or too much data. Flow profiling as provided by FlowScan offers a pragmatic compromise between such extremes in data collection. Because flows aggregate data collected as packets travel across a given port or interface, they can be used as sort of an abbreviation for series of packets travelling between endpoints of interest. But this feature alone is insufficient for reliable continuous use: additional software tools are needed to define, parse, and analyze these flows. Those additional tools are included with FlowScan.

Read 6 Best NetFlow Tools To Use Alongside VMware by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

7 Best SNMP Monitoring Tools For Linux

SNMP monitoring is by far the most common type of network monitoring technology. It allows administrators of networks of any size to be kept informed of the status of the networks they manage as well as their utilization. Likewise, Linux is also a very common platform that many network administrators have turned to. Although it is not yet as common in the desktop world as the commercial offerings from some mega-vendors, it is very common in the server world. Even IBM has made it its OS of choice on many of its higher-range systems.

Considering all this, it is no surprise that Linux can also be the platform of choice for network monitoring tools. Today, we’re having a look at some of the very best SNMP monitoring tools for Linux.

Best SNMP Monitoring Tools For Linux

We’ll start off our discussion by having a look at network monitoring in general and then at the specific case of using SNMP to monitor networks. Without going overly technical, we’ll do our best to explain how SNMP works, especially in the context of monitoring networks. Then, we’ll hit the core of the subject and give you a brief review of some of the very best SNMP monitoring tools for Linux.

Just so that everything is clear, we’re talking here about SNMP monitoring tools that run on the Linux operating system and not SNMP tools used to monitor Linux systems. On the other hand, nothing stops you from using a Linux-based monitoring tool to monitor your Linux machines.

About Monitoring Networks

For a network administrator, congestion is the number one enemy. If you compare a network to a highway where traffic is the network’s data, network congestion is similar to traffic jams. But unlike automobile traffic—where congestion can easily be spotted by simply looking at the road—network traffic happens within cables, switches, and routers where it’s invisible. Furthermore, it all happens at blazing speeds. Even if it was visible, it would happen too fast for us to see it. This is why network monitoring tools are so important. They provide network administrators with the visibility they need to ensure things are running smoothly. They can identify congestion or other issues, allowing administrators to take the necessary measures to address the situation.

Another important benefit of network bandwidth monitoring tools is capacity planning. There is no way around the fact that network usage always grows over time. Just like disk space, the more you have, the more you need. While the current bandwidth of your network might be sufficient now, it will eventually need to be increased. By monitoring bandwidth usage, you’ll be able to plan the bandwidth upgrade before over-utilization becomes a problem.

SNMP To The Rescue

The Simple Network Management Protocol (SNMP) is a complex—despite a somewhat misleading name—technology that can be used to remotely monitor, configure and control many different types of networking equipment. Fortunately, you don’t have to know everything about SNMP to use it to monitor a network’s bandwidth utilization. For now, let’s just state that SNMP is used by monitoring tools to read networking devices’ interface counters and use that data to compute the bandwidth usage and graph its evolution over time. In the next section, we’ll go into more detail about the inner workings of the Simple Network Management Protocol, ensuring you have enough information to configure and use any SNMP network monitoring tool.

SNMP Explained

Many SNMP tutorials tend to be rather technical and tell you all about MIBs and OIDs. We don’t feel, however, that you have to know everything about SNMP to use it. It’s somewhat like a car. You don’t have to know all about how the engine works to drive one. So, our goal today is to give you just enough information so that you can understand, use, and configure SNMP network monitoring tools, not to make you an SNMP expert, which is something that will come with experience.

First things first, how does one connect and authenticate to an SNMP-enabled device? It is very simple albeit not very secure. On each SNMP device, parameters called community strings are set. You can think of community strings as SNMP passwords. There are typically two community strings configured on each device. One of them is used for read-only access while the other will let one modify some parameters. They can have any value you want and their respective defaults are often set to “public” and “private”. While this is a simple and efficient authentication scheme, it is not secure at all as the community strings are transmitted in clear text over the network and could be intercepted and compromised. This is one reason why many administrators don’t configure read/write community strings on the devices they manage.

So, let’s say that an SNMP network monitoring system connects to a network device using the read-only community string. There are many different operational parameters that can be remotely read. Of particular interest when it comes to bandwidth monitoring are a few metrics called interface byte counters. There’s a pair of them—one for input and one for output—for each network interface. They are simply incremented by the device as bytes are received and transmitted on an interface. By reading these values periodically at known intervals (every five minutes is typical), the monitoring tool can compute the number of bits per unit of time–usually per second–which is exactly how bandwidth is expressed.

Concretely, here’s how it’s done: The monitoring tool will poll a device and read its counters. Then, five minutes later, it will read the same counters again. By subtracting the previous value of the counters from the current one, the total number of bytes transferred in and out over the past five minutes is obtained. It is then a simple matter to multiply these numbers by 8–the number of bits in a byte–then divide the results by 300–the number of seconds in five minutes–to get the bits per second bandwidth utilization figures. Those figures are typically stored in some sort of database and used to plot graphs of utilization over time.

A few other SNMP values can be of interest in network monitoring. For example, there are interface input and output error counters. Similar to what’s being done with bytes in and out, these values can be used to compute the number of errors per second, a figure that tells you a lot about the general health of a network link. Other interesting metrics include CPU and memory utilization gauges.
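The subtraction described above breaks in two cases the text does not cover: a counter that wraps past its maximum between polls, and a device that restarts and zeroes its counters. The following added example (not taken from any of the tools reviewed here) handles both. It assumes 32-bit counters such as the standard IF-MIB objects ifInOctets, ifOutOctets and ifInErrors, uses sysUpTime to detect restarts, and runs on constructed poll values.

```python
"""Turn two SNMP polls of interface counters into rates (added example)."""
from dataclasses import dataclass

COUNTER32 = 2**32  # 32-bit counters such as ifInOctets wrap at this value


@dataclass(frozen=True)
class Poll:
    timestamp: float  # poller clock, seconds
    sys_uptime: int   # device sysUpTime, hundredths of a second
    in_octets: int
    out_octets: int
    in_errors: int


def wrapped_delta(previous, current, modulus=COUNTER32):
    """Counter increase between two readings, allowing for one wrap."""
    return (current - previous) % modulus


def interface_rates(previous, current, link_bps):
    """Return bits/s and errors/s for the interval, or None to discard it."""
    elapsed = current.timestamp - previous.timestamp
    if elapsed <= 0:
        raise ValueError("polls are out of order")
    # sysUpTime going backwards means the device restarted and zeroed its
    # counters, so the difference between the two polls is meaningless.
    if current.sys_uptime < previous.sys_uptime:
        return None
    in_bps = wrapped_delta(previous.in_octets, current.in_octets) * 8 / elapsed
    out_bps = wrapped_delta(previous.out_octets, current.out_octets) * 8 / elapsed
    # A rate above line speed cannot be real: the counter wrapped more than
    # once in the interval, or one of the readings is bad.
    if in_bps > link_bps or out_bps > link_bps:
        return None
    errors = wrapped_delta(previous.in_errors, current.in_errors)
    return {"in_bps": in_bps, "out_bps": out_bps,
            "in_errors_per_s": errors / elapsed}


# Constructed polls, five minutes (300 s) apart on a 100 Mbit/s link.
LINK_BPS = 100_000_000
PREV = Poll(0.0, 1_000_000, 4_294_000_000, 1_000_000, 10)
CURR = Poll(300.0, 1_030_000, 1_032_704, 38_500_000, 40)  # in_octets wrapped
REBOOTED = Poll(600.0, 4_500, 52_000, 61_000, 0)          # uptime went back

if __name__ == "__main__":
    print(interface_rates(PREV, CURR, LINK_BPS))
    print(interface_rates(CURR, REBOOTED, LINK_BPS))
```

A plain subtraction on the first pair would report a large negative input rate; the modular difference recovers the 2,000,000 bytes actually transferred.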

The Top SNMP Monitoring Tools For Linux

1. ManageEngine OpManager

The ManageEngine OpManager is a powerful all-in-one network monitoring tool which offers comprehensive network monitoring capabilities that help you keep an eye on network performance, detect network faults in real-time, troubleshoot errors, and prevent downtime. The tool supports various environments from multiple vendors and can scale to fit your network, regardless of its size. It will let you monitor your devices and network and gain complete visibility and control over your entire network infrastructure. Installation and setup of this product are both quick and easy. You can get it running in under two minutes. It requires no complex installation procedures and comes bundled with databases and web servers.

ManageEngine OpManager Dashboard

The ManageEngine OpManager constantly monitors network devices’ performance in real-time via live dashboards and graphs. It examines several critical operational metrics such as packet loss, errors and discards, etc. It will also monitor performance metrics like availability, CPU, disk space, and memory utilization across both physical and virtual servers.

The tool can help you detect, identify, and troubleshoot network issues with threshold-based alerts. You can easily set multiple thresholds for every performance metric and get notifications. While alerting is important, reporting is just as important, and it is another area where this tool shines. Intelligent reports will let you get detailed insights on network performance. There are more than 100 built-in reports. You can customize, schedule and export these out-of-the-box reports as needed.

ManageEngine claims its OpManager can be installed in less than two minutes. Once installed, the tool will discover your devices and start monitoring them without requiring any complex configuration steps. The system boasts a very intuitive graphical user interface where you’ll easily find the information you need. Reports-wise, this tool has a full complement of excellent pre-built ones and you can also create custom reports to better suit your needs. Alerting in this product is excellent and on par with what you’ll find in competing products.

The ManageEngine OpManager is available in the Essential edition which is better sized for small and medium businesses with up to a thousand devices at prices starting just over $700 for 25 devices. For larger organizations, there’s an Enterprise edition which can scale up to ten thousand devices. Its price starts at under $20k for 500 devices. Prices for either edition vary according to the number of monitored devices and a free 30-day trial is available.

2. Observium

Observium is another excellent monitoring platform with auto-discovery. It supports a broad range of device types, platforms and operating systems, including products from vendors such as Cisco, Windows, Linux, HP, Juniper, Dell, FreeBSD, Brocade, Netscaler, NetApp. You probably can’t find a network device that’s not supported. The product’s main goal is to provide a beautiful, intuitive, and simple yet powerful user interface showing the health and status of your network.

Observium Screenshot

Observium offers far more than just bandwidth monitoring. There is, for instance, an accounting system that will measure total monthly bandwidth usage in the 95th percentile or in total transferred bytes. It also has an alerting function with user-defined thresholds. Furthermore, Observium integrates with other systems and can pull their information and display it within its interface.

A great characteristic of Observium is how easy it is to set up and how it almost configures itself. Although there doesn’t appear to be a download section on the website, there are detailed installation instructions for several Linux distributions that do include the links to get the right package for each distribution. The instructions are very detailed and installing the software should be easy.

The product is available in two versions. There’s the Observium Community, which is available for free to everyone. This version receives updates and new features twice a year. There’s also the Observium Professional, which has additional features and comes with daily updates. Both versions only run on Linux.

3. LibreNMS

LibreNMS is an open-source port of Observium and as such, it is a very interesting network monitoring platform. It is a fully-featured network monitoring system that provides a wealth of features and device support. Among its best features is its auto-discovery engine. It doesn’t only rely on SNMP to discover devices. It can automatically discover your entire network using CDP, FDP, LLDP, OSPF, BGP, SNMP and ARP. Talking about the tool’s automation features, it also has automatic updates so it will always stay current.

LibreNMS Screenshot

Another major feature of the product is its highly customizable alerting module. It is very flexible and it can send alert notifications using multiple technologies such as email, like most of its competitors, but also IRC, Slack, and more. If you’re a service provider or your organization bills back each department for their use of the network, you’ll appreciate the tool’s billing feature. It can generate bandwidth bills for segments of a network based on usage or transfer.

For larger networks and for distributed organizations, the distributed polling features of LibreNMS allow for horizontal scaling to grow with your network. A full API is also included, allowing one to manage, graph, and retrieve data from their installation. Finally, mobile apps for iPhone and Android are available, a rather unique feature with open-source tools.

4. Zenoss Core

Zenoss Core may not be as popular as some of the other monitoring tools on this list but it truly deserves to be here because of its feature set and professional look. The tool can monitor many things such as bandwidth utilization, traffic flows, or services like HTTP and FTP. It has a clean and simple user interface and its alerting system is excellent. One thing worth mentioning is its rather unique multiple alerting system. It allows a second person to be alerted if the first one does not respond within a predefined delay.

Zenoss Core Dashboard

Nothing is perfect, though. Zenoss Core is one of the most complicated monitoring systems to install and set up. Installation is an entirely command-line driven process. Today’s network administrators are used to GUI installers, configuration wizards and auto-discovery engines. This could make the product’s installation seem a bit archaic. Then again, this is in line with the Linux world. There is ample installation and configuration documentation available and the end result makes it worth the effort.

5. Icinga

Icinga is yet another open-source monitoring platform. It has a simple and clean user interface and, more importantly, a feature set that rivals some commercial products. Like most bandwidth monitoring systems, this one uses SNMP to gather bandwidth utilization data from network devices. But one of the areas where Icinga particularly stands out is its use of plugins. There are thousands of community-developed plugins that can perform various monitoring tasks, thereby extending the product’s functionality. And in the unlikely event that you couldn’t find the right plugin for your needs, you can write one yourself and contribute it to the community.

Icinga Tactical Overview

Alerting and notification are also among Icinga’s great features. Alerts are fully configurable in terms of what triggers them and how they are transmitted. The tool also features what is referred to as segmented alerting. This feature will let one send some alerts to one group of users and other alerts to different people. This is nice to have when you monitor different systems managed by different teams. It can ensure that alerts are transmitted only to the proper group to address them.

6. Nagios

There are two versions of Nagios available. There’s the free and open-source Nagios Core and there’s the paid Nagios XI. Both share the same underlying engine and both run under Linux, but the similarity stops there. Nagios Core is an open-source monitoring system that runs on Linux. The system is completely modular with the actual monitoring engine at its core. The engine is complemented by dozens of available plugins which can be downloaded to add functionality to the system. Each plugin adds some features to the core.

Nagios XI Dashboard

Preserving the modular approach, the tool’s front end is also modular and several different community-developed options are available for download. The Nagios Core, the plugins and the front end combine and make for a rather complete monitoring system. There is a drawback to this modularity, though: Setting up the product can turn out to be quite a challenging task.

Nagios XI, on the other hand, is a commercial product based on the same Nagios Core engine but it is a complete self-contained monitoring solution. The product targets a wide audience from small businesses to large corporations. It is much easier to install and configure than its open-source counterpart, thanks to its configuration wizard and auto-discovery engine. Of course, this ease of setup and configuration comes at a price; literally. You can expect to pay around $2 000 for a 100-node license and about ten times as much for an unlimited one.

7. Zabbix

Zabbix is another free and open-source product but it has a highly professional look and feel, much like you’d expect from a commercial product. But the good looks of its user interface are not its only assets. The product also has an impressive feature set. It will monitor most network-attached devices in addition to networking equipment. It would be an excellent choice for anyone in need of monitoring servers in addition to network bandwidth utilization.

Zabbix Dashboard

Zabbix uses SNMP as well as the Intelligent Platform Management Interface (IPMI) for monitoring devices. You can use the software to monitor bandwidth, device CPU and memory utilization, general device health and performance as well as configuration changes, a rather unique feature within this list. This tool does way more than simple network bandwidth utilization monitoring. It also features an impressive and completely customizable alerting system which will not only send email or SMS alerts but also run local scripts which could be used to fix some issues automatically.

Read 7 Best SNMP Monitoring Tools For Linux by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

How to Measure Network Performance, Correctly

Performance is one of the most important aspects of networks. In fact, it is an important component of pretty much any system. Any network administrator knows how everyone is quick to blame the network whenever the performance of any type of network-attached device or system leaves something to be desired. When that happens, it is often up to the network administrator to prove that the network is performing within specs and that the source of the performance degradation originates somewhere else.

How is it done, you may ask? Simply by measuring performance using industry-standard technologies. Today, we’re having a look at how to measure network performance.

How to measure network performance

We’ll begin by discussing network performance in general. If we’re to talk about measuring something, we certainly need to first agree on what it is that we’re trying to measure. This will bring us to our next topic—the most important one: how to measure network performance. Although there are several ways this can be done, the Simple Network Management Protocol (SNMP) is likely the most-used technology for measuring the performance of networks. So, we’ll have an in-depth look at SNMP. And last but certainly not least, we’ll have a look at some of the best tools which are currently available for measuring network performance.

About Network Performance

As eloquently defined in one sentence on Wikipedia, “network performance refers to measures of service quality of a network as seen by the customer”. There are three essential elements to that definition. The first is the “measures” part. It establishes clearly that network performance is something that has to be measured. The next important bit is the “service quality of a network”. Service quality is a generic concept but, as you’ll see, a few specific metrics are typically associated with it. The last important part of that definition is “the customer”. We’re not interested in network performance as a theoretical thing but instead in how users perceive it.

Several different factors affect perceived network performance and are generally considered important. The first two are bandwidth and throughput. There can sometimes be some confusion between these two terms. Bandwidth refers to the carrying capacity of a network. As an analogy, think of it as the number of lanes on a highway. Throughput, on the other hand, refers to the actual usage of the available bandwidth. To keep our previous analogy, think of a four-lane highway that has a bandwidth of 4 000 vehicles per hour but its current throughput is 400 vehicles per hour or 10% of its capacity.

Latency, delay, and jitter are further factors affecting the perceived performance of networks. Latency refers to the time data takes to travel from source to destination. It is mainly a function of the signal’s travel time and processing time at any nodes it traverses. It is a physical limitation that cannot be reduced. Delay, on the other hand, can sometimes be improved. It has to do with the time it takes for networking equipment to process, queue, and forward data. Faster, more powerful equipment will generally add less delay to the transmission. As for jitter, it refers to the variation in packet delay at the receiving end of the conversation. Real-time or near-real-time traffic is particularly affected by it as it can cause data packets to arrive out of sequence. In the case of voice over IP, for example, this could result in unintelligible speech.

Many other factors can also affect network performance. The error rate is one of them. It refers to the number of corrupted bits expressed as a percentage or fraction of the total sent.

Measuring Network Performance

How does one go about measuring performance from a true user’s perspective? Well, there is, of course, the possibility of having real users running tests but this can tend to be rather impractical. The next best thing is using a network performance testing system that uses probes deployed at strategic locations throughout your network and that can run actual simulation tests between each other to measure true performance using specific types of traffic. This, however, can also tend to be impractical as it requires some preliminary setup. It won’t be of much assistance to help troubleshoot a sudden issue.

A simpler SNMP-based network monitoring system is often a better solution. While it may not be as practical, it can give administrators a rather clear view of the network’s utilization. Good systems will also report on most performance-affecting factors such as latency, delay, jitter and errors.


The Simple Network Management Protocol

Despite its misleading name, the Simple Network Management Protocol, or SNMP, can turn out to be rather complex. Fortunately, you don’t have to be an expert and know all about it to use it. At its base, SNMP is a communication protocol that specifies how an SNMP management system can read and write operational parameters in remote devices. The parameters are referred to as OIDs—for Object Identifiers. Some of the interesting OIDs, from a monitoring standpoint, are those that contain critical metrics such as bandwidth utilization, for example. When monitoring networking devices, two OIDs are of particular interest, the bytes out and the bytes in counters associated with each interface. These counters are automatically incremented by the network devices as data is output and input.

Dating back to a time when IT security was not an issue, SNMP only has minimal security. An SNMP manager connecting to an SNMP-enabled device will transmit a “community string” with its request. If the string matches that configured in the equipment, the request will be carried out. Devices typically have two community strings configured, one for read-only OIDs and one for modifiable ones.

Here’s how most monitoring systems use SNMP to monitor bandwidth utilization. They periodically read the bytes in and out counters of a networking device’s interfaces at known intervals, with five minutes being a typical value. They then store the fetched values in some sort of database or disk file. The rest of the process is simple maths. The monitoring system subtracts the previous counter value from the current one to get the number of bytes transmitted or received in five minutes. It can then multiply that number by eight to get the number of bits and divide it by 300, the number of seconds in five minutes, to get the number of bits per second. This information is typically plotted on a graph showing its evolution in time and stored in a database.
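The counter arithmetic described above, as an added Python example (not code from any of the tools reviewed here) that also covers the cases the simple subtraction gets wrong: a counter that wraps, an agent that restarts, and a link fast enough to wrap a 32-bit counter more than once between polls. It assumes the poller has already read the standard IF-MIB octet counters and sysUpTime; the `Sample` type, the function names and the sample values are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Sample:
    timestamp: float  # poller clock at read time, in seconds
    sys_uptime: int   # agent sysUpTime, in hundredths of a second
    octets: int       # ifInOctets/ifOutOctets, or the 64-bit ifHC* variants


def wrap_seconds(if_speed_bps: float, counter_bits: int = 32) -> float:
    """Shortest time in which the octet counter can wrap at full line rate."""
    return (1 << counter_bits) * 8 / if_speed_bps


def rate_bps(prev: Sample, curr: Sample, if_speed_bps: float,
             counter_bits: int = 32) -> Optional[float]:
    """Bits per second between two polls, or None when the delta is untrustworthy."""
    elapsed = curr.timestamp - prev.timestamp
    if elapsed <= 0:
        return None  # duplicate or out-of-order poll
    if curr.sys_uptime < prev.sys_uptime:
        return None  # agent restarted (or sysUpTime itself wrapped): not comparable
    if elapsed >= wrap_seconds(if_speed_bps, counter_bits):
        return None  # counter may have wrapped more than once: poll faster or use 64-bit
    # Modular subtraction recovers the true delta across a single wrap.
    delta_octets = (curr.octets - prev.octets) % (1 << counter_bits)
    return delta_octets * 8 / elapsed


def utilization_pct(bps: float, if_speed_bps: float) -> float:
    """Throughput as a percentage of the interface's bandwidth."""
    return 100.0 * bps / if_speed_bps


# Constructed samples: (label, previous poll, current poll), five minutes apart.
CONSTRUCTED_POLLS = [
    ("steady", Sample(0.0, 1_000, 1_000_000), Sample(300.0, 31_000, 38_500_000)),
    ("wrapped", Sample(0.0, 1_000, 2**32 - 30_000), Sample(300.0, 31_000, 7_500)),
    ("rebooted", Sample(0.0, 900_000, 5_000_000), Sample(300.0, 12_000, 40_000)),
]

if __name__ == "__main__":
    speed = 100e6  # assumed 100 Mbit/s interface
    for label, prev, curr in CONSTRUCTED_POLLS:
        bps = rate_bps(prev, curr, speed)
        shown = "skipped" if bps is None else (
            f"{bps:.0f} bit/s ({utilization_pct(bps, speed):.3f}%)")
        print(f"{label}: {shown}")
    print(f"32-bit counter wraps in {wrap_seconds(1e9):.1f} s at 1 Gbit/s")
```

At 1 Gbit/s a 32-bit octet counter can wrap in about 34 seconds, so a five-minute poll of such a link only yields a trustworthy figure from the 64-bit counters.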

The Top Tools To Measure Network Performance

1. SolarWinds Network Performance Monitor (FREE TRIAL)

SolarWinds enjoys a solid reputation for making some of the best network and system administration tools. Many of the company’s products have received rave reviews and are considered among the very best in their respective fields. But SolarWinds is also famous for its free tools, smaller tools which address a specific need of network administrators. Two good examples of those free tools are the Real-time Bandwidth Monitor and the Kiwi Syslog Server.

For monitoring networks, though, what you need is the SolarWinds Network Performance Monitor (NPM), which is primarily an SNMP monitoring tool. At its core, it offers comprehensive fault monitoring and performance management using SNMP and it is thereby compatible with most equipment. It also comes with many advanced features such as its NetPath feature, which lets you view the critical network path between any two monitored points on your network. It can also automatically generate intelligent network maps.

SolarWinds NPM - Network Summary

Other features of the NPM include advanced alerting and the tool’s PerfStack performance analysis dashboard. The Network Insights functionality is another advanced feature which allows for complex device monitoring. The tool can monitor Software Defined Networks (SDN) and has built-in Cisco ACI support as well as the ability to monitor wireless networks and to generate network performance baselines. The SolarWinds Network Performance Monitor is a highly scalable tool that can be used on any network from the smallest to the largest.

The SolarWinds Network Performance Monitor’s pricing structure is quite simple. Licensing is based on the number of monitored elements. Five licensing tiers are available for 100, 250, 500, 2000, and unlimited elements at prices ranging from $2 955 to $32 525, including the first year of maintenance.

If you’d rather give the tool a test run before committing to a purchase, a free 30-day trial version can be obtained.

2. PRTG Network Monitor

The PRTG Network Monitor from Paessler AG is an agentless network monitoring system. Paessler claims that the PRTG Network Monitor can be set up in a couple of minutes. Our experience shows that it can take a bit more than that but that it is still very easy and quick, thanks to an auto-discovery feature that will scan your network, find devices, and automatically add them. The tool uses a combination of Ping, SNMP, WMI, NetFlow, jFlow, and sFlow, but can also communicate via DICOM or the RESTful API.

PRTG Dashboard - Datacenter Monitoring

One of the strengths of the PRTG Network Monitor is its sensor-based architecture. You can think of sensors as add-ons to the product except that they are already included and don’t need to be added. There are add-ons for virtually anything. For example, there are HTTP and SMTP/POP3 (e-mail) application sensors. There are also hardware-specific sensors for switches, routers, and servers. In all, there are over 200 different predefined sensors that retrieve statistics such as response time, processor, memory, database information, temperature or system status from the monitored devices.

The PRTG Network Monitor offers a selection of user interfaces. The primary one is an Ajax-based web interface. There’s also a Windows enterprise console as well as mobile apps for Android and iOS. One nice feature of the mobile apps is that they can use push notification of any alerts triggered from within PRTG. More standard SMS or email notifications are also available. Although the server only runs on Windows, it can be administered from any device with an Ajax-compatible browser.

The PRTG Network Monitor is offered in two versions. There’s a free version which is full-featured but will limit your monitoring ability to 100 sensors. Note that each monitored parameter counts as one sensor and, for example, monitoring 24 interfaces on a network switch will use up 24 sensors. If you need more than 100 sensors, you must purchase a license. Their prices start at $1 600 for 500 sensors. You can also get a free, sensor-unlimited and full-featured 30-day trial version.

3. ManageEngine OpManager

The ManageEngine OpManager is a complete management solution that will address most monitoring needs. The tool can run on either Windows or Linux and it is loaded with excellent features. For instance, its auto-discovery feature can graphically map your network, giving you a uniquely customized dashboard.

The tool’s dashboard is another one of its strong points. It is super easy to use and navigate and has drill-down functionality. If you’re into mobile apps, they are available for tablets and smartphones and will allow you to access the system from anywhere. Overall, this is a very polished and professional product.

ManageEngine OpManager Dashboard

Alerting in OpManager is another of the product’s strengths. There is a full complement of threshold-based alerts that will help detect, identify, and troubleshoot network issues. Multiple thresholds with various notifications can be set for every performance metric.

If you want to try the ManageEngine OpManager, get the free version. It is not a time-limited trial version. It is, instead, feature-limited. It won’t, for instance, let you monitor more than ten devices. While this might be sufficient for testing purposes, it will only suit the smallest networks. For more devices, you can choose between the Essential or the Enterprise plans. The first will let you monitor up to 1 000 nodes while the other goes up to 10 000. Pricing information is available by contacting ManageEngine’s sales.

4. WhatsUp Gold

WhatsUp Gold is another well-known name in the field of monitoring tools. It used to be an up-or-down type of monitoring tool but it has evolved into a full management tool with proactive monitoring for network traffic, applications, virtual environments, and device configurations. Today, this tool has almost everything you can expect from an enterprise-grade monitoring tool, and it’s all available via a very intuitive GUI.

WhatsUp Gold features an auto-discovery engine that will find your devices and add them to the monitoring console. It will not only find your networking equipment but also physical servers, virtual servers, cloud servers, and applications. There’s even a map view that’s clickable for more information on each device.

WhatsUp Gold Traffic Analysis Dashboard

WhatsUp Gold also has an excellent alerting system to let you know about problems before users notice them. Through the tool’s Alert Center, you can opt to use predefined thresholds or set them as per your specific needs. The alerting system lets you create action policies which define what happens when a monitored parameter changes state. Alerts can be transmitted by email, SMS, Slack, or IFTTT posts. The system can also restart services and trigger web alarms.

While a free edition of WhatsUp Gold is available, it is limited to monitoring a maximum of five devices. For more devices, paid licenses are available in three levels of increasing functionality with a pricing structure based on the number of devices to be monitored. There’s also a free, full-featured trial version that you can use for a limited time.

5. Observium

Observium is a low-maintenance monitoring platform with auto-discovery. It supports a wide range of device types, platforms and operating systems including, among others, Cisco, Windows, Linux, HP, Juniper, Dell, FreeBSD, Brocade, Netscaler, NetApp. I doubt that you can find a WAN router that’s not supported. Observium’s primary focus is providing a beautiful, intuitive, and simple yet powerful user interface showing the health and status of your network.

Observium Screenshot

Observium has more than just bandwidth monitoring. For instance, there’s an accounting system that will measure total monthly bandwidth usage in the 95th percentile or in total transferred bytes. It also has an alerting function with user-defined thresholds. Furthermore, Observium integrates with other systems and can pull their information and display it within its interface.

Observium users love how easy it is to set up and how it almost configures itself. Although there doesn’t appear to be a download section on Observium’s website, there are detailed installation instructions for several Linux distributions that do include the links to get the right package for each distribution. The instructions are very detailed and installing the software should be easy.

The product is available in two versions. There’s Observium Community, which is available for free to everyone. This version receives updates and new features twice a year. There’s also Observium Professional, which has additional features and comes with daily updates. Both versions only run on Linux.

6. Zabbix

Zabbix is another free and open-source product which has a highly professional look and feel, much like you’d expect from a commercial product. But the good looks of its user interface are not its only asset. The product also boasts an impressive feature set. It will monitor most network-attached devices in addition to networking equipment. It would be a good option if you want to monitor servers in addition to your WAN circuit’s bandwidth.

Zabbix Dashboard

Zabbix uses SNMP as well as the Intelligent Platform Management Interface (IPMI) for monitoring devices. You can use the software to monitor bandwidth, device CPU and memory utilization, general device health as well as configuration changes. As you can see, it does way more than simple WAN monitoring. The product also features an impressive and completely customizable alerting system. It will not only send email or SMS alerts but also run local scripts which could be used to fix some issues automatically.

Read How to Measure Network Performance, Correctly by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter