Alternatives to flow based monitoring methods comes into the picture when your switches and other network devices do not support flow technologies such as NetFlow, sFlow, J-Flow, and IPFIX. These flow based solutions are useful for gaining visibility into trends, carrying out high-level analysis and even help in trouble shooting to some extent. However, when your network switches do not support such solutions, you require alternative tools.
In such cases, network administrators look for tools that utilize other technologies to provide some sort of an alert when the usage reaches a particularly high level. Such monitoring systems allow you to set limits, which when crossed, leads to trigging of alarms.
Flow based network monitoring technology delivers deep visibility into network traffic with much more details than its alternative technologies such as SNMP and packet sniffing. However, some level of monitoring your network switches is better than not monitoring them at all.
In case your network switches do not support monitoring via flow protocols, you can still monitor them anyway! Here’s how it is possible to do so:
How You Can Monitor NetFlow?
Option 1: Traffic monitoring using SNMP
SNMP is often used as a basic form of traffic monitoring. SNMP, which stands for Simple Network Management Protocol, supports numerous switches, routers, devices, firewalls, and servers. It was initially created as a foundation for common protocol. SNMP was intended to be used for getting insights into different aspects of the IT infrastructure components.
Network administrators use SNMP in order to gather network and bandwidth usage data.This form of traffic monitoring is utilized for servers and network devices, which include hosts, routers, and network switches. This basic protocol is effective in keeping a close watch on the traffic levels, issues that affect the uptime, usage of the bandwidth and so on.
When to use SNMP
In case network switches do not support flow protocol, and your requirement is not more than just basic traffic monitoring, than SNMP is a recommended option to be utilized. As mentioned above, this protocol is supported by a wide range of IT infrastructure components. So it is not a much expensive option for traffic monitoring, and it easily fits the bill for network administrators with tight budgetary constraints. Therefore, SNMP is usually a preferred option to monitor traffic for devices that do not support flow based monitoring.
Using SNMP requires certain configurations. It is the responsibility of the network administrator to set the configurations, which will facilitate the read in / read out from SNMP.
Benefits of using SNMP
Monitoring the status of network switches using an effective technology is important. Otherwise, there can be a situation where the switches essentially go invisible on your network, and are completely skipped from being monitored at all. To avoid such ‘unmanaged’ switches that do not show on the radar of flow based monitoring protocols, you can rely on the SNMP solution.
Network administrators can avail an elementary overview of the traffic information via SNMP. It is possible to monitor network switches on a port-by-port basis for availing clarity of bandwidth usage. Additionally, it is also possible to obtain device readings, for example, CPU load, and routing tables among many others. Of course, the pre-requisite is that the devices support SNMP.
As network switches are a critical component of the IT infrastructure, you will at least want to keep a watch on the basic parameters. However, if you are looking for a deeper level of network switch monitoring, you should consider using another option, which is, Packet Sniffing.
Option 2: Traffic monitoring using packet sniffing
Another alternative for monitoring network switches for which flow protocols do not work is using packet sniffing. It is an advanced way of traffic monitoring in comparison to SNMP. When this technology is used; it facilitates network monitoring and traffic analysis beyond the basics.
When to use packet sniffing
Packet sniffing comes into consideration if your networks do not support any of the flow based protocols to monitor traffic, and if you need to have a detailed visibility of the switches in your network. Moreover, by using this technology it is possible to single out from the several hundreds of applications in your infrastructure, which are weighing down your network with the heavy traffic. It enables you to easily identify any specific port that appears to be transferring significant amounts of data.
Network administrators can enable analyzing the data packets that are being passed over the network by connecting with the monitoring port of a switch. This will allow the detailed traffic information with graphical display of the traffic going across ports, trunks, and so on.
Benefits of using packet sniffing
The advantage of using packet sniffing is in the way it works. Similar to flow based protocols, packet sniffing reads information about traffic from the data packet’s headers. This method of traffic monitoring looks into every single data package that moves through your network. Instead of just having a high-level overview, you can be at the pulse of the network traffic.
However, there is a catch in using packet sniffing for traffic monitoring. Compared to SNMP, this technology for network switch monitoring creates more CPU and network load. The network administrator is required to take the necessary actions that effectively distributes the load and leads to optimal level of performance.
To wind it up
Depending on what you want to monitor, you can choose SNMP or packet sniffing for monitoring network switches that do not support flow protocols. However, make sure that you have performed the first-time prerequisites, such as initial configuration, installing plugins, and so on, before you continue with monitoring new network switches.
Motadata works as an end to end network performance monitoring tool.