Performance-Monitoring Overview


Network performance monitoring is the process of collecting, storing, and analyzing network statistics. The most common parameters for monitoring network performance are as follows:

  • Throughput, or network traffic accounting, is the amount of data flowing through an interface in a given amount of time. Throughput is typically expressed in units of kilobits per second (kbps), megabits per second (Mbps), and gigabits per second (Gbps). The value of throughput depends on various factors and is always changing. For example, the throughput of a Fast Ethernet interface can range from 0 to 100 Mbps.

  • Latency, or delay, is the amount of time it takes a packet to traverse from source to destination. Latency is often expressed in milliseconds (ms). Round-trip time (RTT) is also referred to as latency.

  • Jitter is the variation in latency and is important for real-time applications such as Voice over IP (VoIP).

  • Packet loss is the number of packets lost during a measured time period.

  • CPU and memory utilization of a network device are affected by the internal processes that are handling the data. A network denial of service (DoS) attack often causes CPU and memory utilization to increase. On the other hand, low or no CPU utilization can indicate that the device is not receiving data.

  • Hard drive space on network servers gets filled quickly. Additionally, a lack of free space can affect the performance of operating systems.

Typically, performance-monitoring systems use the Simple Network Management Protocol (SNMP) to communicate with the monitored hosts. Using SNMP, the performance-monitoring system regularly polls the monitored hosts and collects performance-parameter samples. The samples are then stored in a central database for analysis and reporting, such as historical trending. The Netadmin can use these trending reports to do the following:

  • Create a network performance baseline

  • Predict or identify network performance issues

  • Perform capacity planning for future needs

  • Troubleshoot network issues and identify the source of outages
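
As an added example (not from the book), the following Python sketch shows how polled counter samples become throughput figures and how a baseline built from them flags unusual intervals. It assumes the samples are readings of the 32-bit IF-MIB ifInOctets counter taken every 300 seconds; the sample values, function names, and the three-standard-deviation threshold are constructed for illustration.

```python
from statistics import mean, stdev

COUNTER32_MOD = 2 ** 32  # a 32-bit SNMP counter wraps back to 0 at this value

def throughput_mbps(samples):
    """samples: [(unix_time_s, octet_counter), ...] -> Mbps for each polling interval."""
    rates = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        interval = t1 - t0
        if interval <= 0:
            raise ValueError("samples must be in increasing time order")
        delta = (c1 - c0) % COUNTER32_MOD  # modulo absorbs one counter wrap
        rates.append(delta * 8 / interval / 1_000_000)  # octets -> bits -> Mbps
    return rates

def flag_deviations(baseline_rates, new_rates, k=3.0):
    """Indexes of new_rates more than k standard deviations from the baseline mean."""
    mu, sigma = mean(baseline_rates), stdev(baseline_rates)
    return [i for i, r in enumerate(new_rates) if abs(r - mu) > k * sigma]

# Constructed samples: 300-second polls of one Fast Ethernet interface.
BASELINE_SAMPLES = [
    (0, 3_500_000_000),
    (300, 3_875_000_000),
    (600, 4_287_500_000),
    (900, 330_032_704),     # counter wrapped during this interval
    (1200, 705_032_704),
    (1500, 1_098_782_704),
]
NEW_SAMPLES = [
    (1500, 1_098_782_704),
    (1800, 1_473_782_704),
    (2100, 553_815_408),    # wrapped again; a 90 Mbps burst
    (2400, 553_815_408),    # counter did not move: no traffic received
]

if __name__ == "__main__":
    baseline = throughput_mbps(BASELINE_SAMPLES)
    current = throughput_mbps(NEW_SAMPLES)
    print("baseline Mbps:", baseline)
    for i in flag_deviations(baseline, current):
        print(f"interval {i}: {current[i]:.1f} Mbps is outside the baseline")
```

The modulo correction only holds if the counter wraps at most once between polls, which is true for a 300-second poll at Fast Ethernet speeds; faster links need the 64-bit ifHCInOctets counter or a shorter polling interval.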

SNMP, defined in RFC 1157, is an application-layer protocol used for monitoring and managing network devices. SNMP, which works on the client/server model, uses UDP ports 161 and 162 for communications. Essentially, the SNMP framework defines the following four components:

  • SNMP manager: A central control and monitoring system that uses SNMP commands to control SNMP clients. The SNMP manager, often called a network management system (NMS), can be a workstation or a server running the SNMP-capable network management application. The SNMP manager polls the SNMP clients to gather information.

  • SNMP agent: An SNMP-capable client that can be managed by the SNMP manager. Network devices generally have embedded SNMP agents in the operating system. In addition to responding to polling by the SNMP manager, the client can send unsolicited SNMP messages, called SNMP traps.

  • Management Information Base (MIB): A collection of parameters that can be managed by the SNMP manager. MIBs are ASCII text files that are defined in a structured, standard format.

  • Object identifiers (OID): The objects in an MIB are organized and uniquely identified by OIDs that are defined by the Internet Engineering Task Force (IETF) and other organizations. Objects can refer to a physical device (such as a chassis or motherboard), a software parameter (such as an IP address), or operational statistics (such as the number of packets passed or the temperature). OIDs can be expressed as numbers, as names, or as a mix of both. Cisco Systems was assigned the OID of 9, so most OIDs for items that are specific to Cisco platforms start with 1.3.6.1.4.1.9.

Figure 6-1 illustrates the various components of SNMP and their operation.

Figure 6-1. SNMP Operation


SNMP has three different versions. SNMPv1 is defined in RFC 1157, whereas SNMPv2c is defined in RFCs 1901, 1905, and 1906. SNMPv3, defined in RFCs 2273 through 2275, provides better security than previous versions because it features authentication and encryption. Both SNMPv1 and SNMPv2c use a text string for security. This text string, which should be defined on both the agent and the manager, is called the community string. Although SNMPv3 is more secure, SNMPv2c is the most widely used version.

The snmpwalk tool, available from http://www.net-snmp.org, is an excellent utility for querying the SNMP agent through the Windows or Linux command line.



Network Administrators Survival Guide
ISBN: 1587052113
EAN: 2147483647
Year: 2006
Pages: 106