Network monitoring is used to analyse and monitor network activity. It provides information for faultfinding and establishing the most appropriate corrective and preventive actions when downtime or network latency compromise network performance and quality of service.
There are three general motives for network monitoring:
- Network monitoring is used to identify and report where a problem originates. It pinpoints the issue in one of three potential layers:
- Network monitoring improves the quality of experience (QOE) for all network users, primarily customers. QOE is a measure of a user’s experience with a service, such as a phone call or web browser.
- Network monitoring reduces the mean time to resolution (MTTR) for network issues. This benefits enterprises financially as their services are up and running quicker.
There are many technologies to facilitate network monitoring. They include test access points (TAPs), switched port analysers (SPANs), and packet brokers/aggregators. Such devices gain access to network traffic and continually capture data on the network in order to pinpoint and diagnose network and application issues.
Test Access Point (TAP)
TAPs pass a copy of network packets to a monitoring tool (e.g. forensics, voice monitor) without changing the network traffic flow.
There are several types of optical TAPs, including breakout, aggregating, full-duplex, and high-density TAPs.
- Breakout TAPs consist of four ports to collect and monitor traffic from a single network segment. This allows examination and analysis without disturbing the network.
- Aggregating TAPs enable monitoring from multiple segments and aggregate all of the information to a single monitoring port.
- Full-duplex TAPs work with two-way traffic and ensure visibility. They never drop packets or filter out physical layer errors from the monitoring device and are completely passive.
- High density optical TAPs allow 24 fibre links to be ‘tapped’ in only 1U of rack space. The chassis allows both multimode and single mode optical TAPs to be deployed.
Switched Port Analyser (SPAN)
SPANs send a copy of network packets from the main data traffic to the monitoring tool in order to analyse, debug, or diagnose errors on a network.
An aggregator ensures that TAPs and SPANs distribute network traffic from to any network performance or security tool without dropping packets.
Implementation of a packet broker/aggregator can:
- extend the life of existing network tools
- eliminate unnecessary data before it reaches the monitoring tool
- accelerate troubleshooting and reduce mean time to resolution (MTTR) by instantly re-routing traffic based on suspicious activity and other network events
- enable full utilisation of network bandwidth by simultaneously distributing traffic to multiple monitoring tools