Network performance monitoring
is the process of collecting, storing, and analyzing network statistics. The most common parameters for monitoring network performance are as
, or network traffic accounting, is the amount of data
through an interface in a given amount of time. Throughput is typically
in units of kilobits per second (kbps), megabits per second (Mbps), and gigabits per second (Gbps). The value of throughput depends on various factors and is always changing. For example, the throughput of a Fast Ethernet interface can range from 0 to 100 Mbps.
, or delay, is the amount of time it takes a packet to traverse from source to destination. Latency is often expressed in
(ms). Round-trip time (RTT) is also referred to as latency.
is the variation in latency and is important for real-time applications such as Voice over IP (VoIP).
is the number of packets lost during a measured time period.
CPU and memory utilization
of a network device are affected by the internal processes that are handling the data. A network denial of service (DoS) attack often causes CPU and memory utilization to increase. On the other hand, low or no CPU utilization can
that the device is not receiving data.
Hard drive space
on network servers gets filled quickly. Additionally, a lack of free space can affect the performance of operating systems.
Typically, performance-monitoring systems use the Simple Network Management Protocol (SNMP) to communicate with the monitored
. Using SNMP, the performance-monitoring system regularly
hosts and collects performance-parameter samples. The samples are then stored in a central database for analysis and reporting, such as historical trending. The Netadmin can use these trending
to do the following:
Create a network performance baseline
Predict or identify network performance issues
Perform capacity planning for future needs
Troubleshoot network issues and identify the source of outages
SNMP, defined in RFC 1157, is an
protocol used for monitoring and managing network devices. SNMP, which works on the client/server model, uses UDP ports 161 and 162 for communications. Essentially, the SNMP framework defines the following four
A central control and monitoring system that uses SNMP commands to control SNMP clients. The SNMP manager, often called a network management system (NMS), can be a workstation or a server running the SNMP-capable network management application. The SNMP manager polls the SNMP
to gather information.
An SNMP-capable client that can be managed by the SNMP manager. Network devices
have embedded SNMP
in the operating system. In addition to responding to polling by the SNMP manager, the client can arbitrarily send SNMP messages, called
Management Information Base (MIB)—
A collection of parameters that can be managed by the SNMP manager. MIBs are ASCII text files that are defined in structured and standard format.
Object identifiers (OID)—
The objects in an MIB are organized and uniquely identified by OIDs that are defined by the Internet Engineering Task Force (IETF) and other organizations. Objects can refer to a physical device (such as a chassis or motherboard), software parameter (such as an IP address), or operational statistics (such as the number of packets passed or the temperature). OIDs can be expressed as
or can be mixed. Cisco Systems was assigned the OID of 9, so most OIDs for items that are specific to Cisco platforms start with 220.127.116.11.4.1.9.
Figure 6-1 illustrates the various components of SNMP and their operation.
Figure 6-1. SNMP Operation
SNMP has three different versions. SNMPv1 is defined in RFC 1157, whereas SNMPv2c is defined in RFCs 1901, 1905, and 1906. SNMPv3, defined in RFCs 2273-2275, provides better security than previous versions because it features authentication and encryption. Both SNMPv1 and SNMPv2c use a text string for security. This text string, which should be defined on both the agent and the manager, is called
Although SNMPv3 is more secure, SNMPv2C is the most widely used version.
tool, available from http://www.net-snmp.org, is an
utility for querying the SNMP agent through the Windows or Linux command line.