

by Chris Hampton
Network performance is often more about the art of perception rather than the science of bits and bytes. As an SMB owner, you thought you had taken all the right steps in planning the bandwidth requirements for your business. You even went the extra mile and worked with your ISP to set up Quality of Service (QoS) for high-priority traffic. Still you are faced with complaints that claim access to important partner Web sites and critical order uploads are too slow and must be addressed. Should you order additional bandwidth? Were your estimates of planned usage versus bandwidth really that far off? What is going on with the network utilization?
What is missing is a way for you to gain visibility into the flow of traffic coming in and out of your network. A network flow is technically defined as a “unidirectional sequence of packets from a source device to a destination device” all sharing the following values:
By using automated classification of network traffic flows by type and protocol, you can begin to build a picture of bandwidth utilization. Flow visibility at the type and protocol level also allows analysis of bandwidth without the painful process of reviewing individual network packets. Broad support for vendor network flow records such as NetFlow, JFlow, and SFlow from Cisco, Juniper, and HP provides you with visibility into real-time usage as well as historical network trends.
NetFlow, JFlow, and SFlow
Flow protocols such as NetFlow and JFlow track every packet as it travels across the monitored interface, while SFlow uses a sampling algorithm where every nth packet is recorded. Which type should you use? For high-security and compliance environments, NetFlow and JFlow are where you need to be. If all you need is a way to determine who is hogging the network bandwidth, the SFlow protocol will suffice.
Consider layering flow classification with identification of top talkers and top listeners to narrow in on who is oversubscribing the network. When traffic flows are recorded, they are divided by direction: source to destination (inbound) and destination to source (outbound). Top talkers tracks the outbound direction, that is, the devices sending the most data over the network. Top listeners tracks the inbound direction, that is, the source hosts that are receiving the most data. By analyzing these top-type reports, you can build detailed top conversation views of which endpoints are taking up the most network bandwidth.
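As an added illustration (not part of the original article or any vendor tool), the following Python sketch builds top talker, top listener, and top conversation rankings from a handful of constructed flow records. The record layout and all addresses are assumptions made for the example.

```python
from collections import Counter

# Constructed sample flow records (not real traffic). Each tuple is one
# unidirectional flow: (source IP, destination IP, protocol, dst port, bytes).
FLOWS = [
    ("10.0.0.21", "203.0.113.10", "tcp", 443, 40_000_000),
    ("203.0.113.10", "10.0.0.21", "tcp", 443, 900_000_000),  # large download
    ("10.0.0.30", "198.51.100.5", "tcp", 443, 120_000_000),  # order upload
    ("198.51.100.5", "10.0.0.30", "tcp", 443, 6_000_000),
    ("10.0.0.40", "10.0.0.5", "udp", 5060, 2_000_000),
    ("10.0.0.5", "10.0.0.40", "udp", 5060, 2_000_000),
    ("10.0.0.21", "198.51.100.5", "tcp", 443, 3_000_000),
]

def top_talkers(flows, n=3):
    """Rank hosts by bytes sent (the host is the source of the flow)."""
    sent = Counter()
    for src, _dst, *_rest, nbytes in flows:
        sent[src] += nbytes
    return sent.most_common(n)

def top_listeners(flows, n=3):
    """Rank hosts by bytes received (the host is the destination of the flow)."""
    received = Counter()
    for _src, dst, *_rest, nbytes in flows:
        received[dst] += nbytes
    return received.most_common(n)

def top_conversations(flows, n=3):
    """Rank endpoint pairs by bytes exchanged, both directions combined."""
    pairs = Counter()
    for src, dst, *_rest, nbytes in flows:
        pairs[tuple(sorted((src, dst)))] += nbytes
    total = sum(pairs.values())
    # Each entry: (endpoint pair, bytes, share of all recorded bytes in percent)
    return [(p, b, round(100 * b / total, 1)) for p, b in pairs.most_common(n)]

if __name__ == "__main__":
    print("Top talkers:", top_talkers(FLOWS))
    print("Top listeners:", top_listeners(FLOWS))
    for pair, nbytes, share in top_conversations(FLOWS):
        print(f"{pair[0]} <-> {pair[1]}: {nbytes} bytes ({share}%)")
```

Keying conversations on the sorted endpoint pair merges the two unidirectional flows of one exchange, which is what lets a single heavy pairing stand out.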
Many times, top type reports will also provide a wealth of information into unauthorized applications, spyware, and non-business-related Internet usage. For example, in the Top Conversations report below, high bandwidth utilization is observed between the iTunes site and an accounting PC.

With this information in hand, you can begin to address the performance issues by updating your Web filtering tool or enabling additional blocked categories to minimize the use of bandwidth for non-business traffic.
Additional flow management reports based on Type of Service (ToS) can be used to validate the configured QoS in place for a specific application traffic type. QoS refers to bandwidth resource reservation controls for a specific traffic type. For example, to maintain an acceptable quality for the SMB’s Voice over IP (VoIP) system, a range of 21 to 320 kbps of guaranteed priority bandwidth is required per call. After the initial QoS settings are applied, information gathered over a month’s usage along with the real-time view of traffic flow will help you better understand how your business network is used each day. By seeing the big picture, you can adjust your QoS model and provide a higher level of network quality on a consistent basis.
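The ToS-based check described above can be sketched as follows. This is an added example, not code from the article. It assumes that voice traffic is marked DSCP 46 (Expedited Forwarding, ToS byte 0xB8) and uses UDP ports 16384 to 32767, and the flow records are constructed.

```python
from collections import Counter

# Constructed flow records (not real traffic):
# (source IP, destination IP, dst port, ToS byte, bytes, duration in seconds)
FLOWS = [
    ("10.0.0.40", "10.0.0.5", 16384, 0xB8, 1_200_000, 120),  # marked call
    ("10.0.0.41", "10.0.0.5", 16386, 0x00, 1_200_000, 120),  # unmarked call
    ("10.0.0.42", "10.0.0.5", 16388, 0xB8, 150_000, 120),    # starved call
    ("10.0.0.21", "203.0.113.10", 443, 0x00, 900_000_000, 600),
]

EXPECTED_VOICE_DSCP = 46            # assumption: voice is marked EF
VOICE_PORTS = range(16384, 32768)   # assumption: RTP port range in use
MIN_KBPS, MAX_KBPS = 21, 320        # per-call range quoted in the article

def dscp(tos_byte):
    """The DSCP value is the upper six bits of the ToS byte."""
    return tos_byte >> 2

def bytes_by_dscp(flows):
    """Total bytes per DSCP class: the basic ToS report."""
    totals = Counter()
    for _src, _dst, _port, tos, nbytes, _secs in flows:
        totals[dscp(tos)] += nbytes
    return dict(totals)

def audit_voice(flows):
    """Return (source, problem, kbps) for each voice flow that fails a check."""
    findings = []
    for src, _dst, port, tos, nbytes, secs in flows:
        if port not in VOICE_PORTS or secs <= 0:
            continue  # not voice, or no usable duration to compute a rate
        kbps = nbytes * 8 / secs / 1000
        if dscp(tos) != EXPECTED_VOICE_DSCP:
            findings.append((src, "wrong DSCP marking", kbps))
        elif not MIN_KBPS <= kbps <= MAX_KBPS:
            findings.append((src, "rate outside per-call range", kbps))
    return findings

if __name__ == "__main__":
    print(bytes_by_dscp(FLOWS))
    for finding in audit_voice(FLOWS):
        print(finding)
```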
With real-time flow visibility, you can solve the mystery behind bandwidth utilization. Continued review of traffic flow data across your network at regular intervals, in conjunction with well-planned threshold alerts, will help you quickly detect traffic anomalies, which are often a sign of computer virus outbreaks or malicious software.
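One way to implement a threshold alert of this kind, shown as an added example rather than anything from the article: each host's byte count for the current interval is compared with a baseline derived from its own history (median plus a multiple of the median absolute deviation). The interval data, the multiplier, and the limit for hosts without history are assumptions.

```python
from statistics import median

# Constructed per-host byte counts for past 5-minute intervals (not real data).
HISTORY = {
    "10.0.0.21": [4_000_000, 5_000_000, 4_500_000, 6_000_000, 5_500_000],
    "10.0.0.30": [20_000_000, 22_000_000, 19_000_000, 21_000_000, 20_500_000],
}
# Constructed byte counts for the interval being checked.
CURRENT = {
    "10.0.0.21": 5_800_000,
    "10.0.0.30": 95_000_000,   # sudden surge from a known host
    "10.0.0.77": 12_000_000,   # host with no history at all
}

def threshold(history, k=5.0, min_band=1_000_000):
    """Alert level: median plus k robust deviations (MAD).

    min_band keeps a very steady host from alerting on tiny fluctuations.
    """
    med = median(history)
    mad = median([abs(x - med) for x in history])
    return med + max(k * mad, min_band)

def check_interval(history_by_host, current, new_host_limit=10_000_000):
    """Return (host, observed, limit, reason) for every host over its limit."""
    alerts = []
    for host, observed in sorted(current.items()):
        past = history_by_host.get(host)
        if past:
            limit, reason = threshold(past), "above baseline"
        else:
            # Edge case: no history yet, so fall back to a fixed limit.
            limit, reason = new_host_limit, "no baseline"
        if observed > limit:
            alerts.append((host, observed, limit, reason))
    return alerts

if __name__ == "__main__":
    for host, observed, limit, reason in check_interval(HISTORY, CURRENT):
        print(f"ALERT {host}: {observed} bytes > {limit:.0f} ({reason})")
```

The median and MAD are used instead of the mean and standard deviation so that one earlier spike in the history does not inflate the threshold and hide the next one.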
About the Author
Chris Hampton is a professional IT consultant based in Englewood, Colorado. With nearly 12 years in information technology, Chris has developed extensive experience in systems administration, engineering, and architecture, specializing in VMware, Citrix, and Microsoft remote application and virtualization technologies. He has traveled extensively teaching for VMware. Chris has also contributed to the authorship of the recent The Authorized Guide to Citrix XenApp Platinum Edition (McGraw-Hill Publishers). He is currently working with the latest virtualization technologies on numerous consulting engagements. Chris holds some of the industry’s highest technical certifications from VMware, Citrix, and Microsoft in the areas of server-based computing and virtualization.
