Typically, people think of a network as a mass of cables linking all computers together. Technicians know that, although the cables running into the back of everyone’s desktop computers are the public image of the network, the real work is performed by network devices
Repeaters, bridges, switches, and routers are the connectors that keep the network operating. Of these, it is only the switches and routers that have onboard computing power that makes it possible to monitor them. You might also have network appliances that are physical devices implementing functions, such as firewalls, SIEM systems, and load balancers.
Being able to extract operating information from a device gives you the ability to take action to influence its performance.
You can monitor network devices by logging in to the management console of each and accessing its activity statistics. However, if you have more than two devices on your network, visiting all of them, in turn, is going to be very time-consuming. Monitoring each device individually also makes it difficult to get an overview of the network and how it fits together.
Related Post: Best Network Device Monitoring Tools
Network device monitoring fundamentals
The most important task you need to perform to monitor network devices is to automate information gathering and centralize monitoring in one tool. This reduces time and it provides better quality of information than you can get by dealing with each device individually.
If you don’t already have a centralized tool for network device monitoring, you probably use a series of spreadsheets that substitute for an automated system. You certainly need to keep a list of all the devices connecting your network. This asset inventory might be supplemented by a manually drawn network map You will also need some budget information that lets you know the price of each device and its expected service life so that you can plan for replacements at the appropriate time.
Whether or not you use a network device monitoring tool, you will already be compiling your own centralized data systems to keep track of your equipment’s existence – if not its performance.
The most fundamental task of network device monitoring is to centralize information for all devices. Automating data gathering makes that task easier and allows live monitoring to take place.
Network device monitoring task boundaries
The market for network monitoring systems is divided into two types of monitoring tools. The first of these is usually called a network performance monitoring package and the second is called a traffic analyzer, bandwidth monitor, or NetFlow analyzer.
When planning your network monitoring strategy, you need to realize that there are two tasks to work on. The first of these is to look after the devices, make sure they are operational and have sufficient capacity to deal with demand. The second task is to watch over the traffic flows on the system.
For network device monitoring, get a network performance monitor and focus on the devices rather than the traffic.
Network device documentation
The most basic information you need to hold about your network relates to the number and type of each device on the network. On top of that, you need to know the make and model, the firmware name and version, and the device’s age. This information forms a network asset inventory.
The next level of information you need to document relates to the layout of the network. This requires a detailed listing of the ports on each switch and router with information on the device connected at the other end of the cable that plugs into each port. Switch port information lets you can create a network topology map.
The result of a network device data collection exercise will be two primary repositories of information:
- Network asset inventory
- Network topology map
You can’t effectively monitor or manage any type of asset unless you know exactly what your inventory is. That record needs to be kept up to date and the easiest way to do that is through an automated monitoring tool.
Network device management
The device data and port information that you gather from all switches and routers will also include identifiers for each device. These include the MAC address of the device and the IP address assigned to it. As most networks don’t assign static IP addresses, the identifier information gets you into operational data. This catalog can then be linked to an IP address manager.
You probably already run a DHCP server for IP address allocation and a DNS server for hostname referencing within the network. However, if you sometimes experience inexplicable network errors, addressing issues might be the cause of the problem.
An IP manager coordinates with your DHCP and DNS servers to ensure that all allocated addresses are accounted for, that DNS data is up to date, that there is no address duplication, and that abandoned addresses have been returned to the pool of available addresses. The combination of DCHP, DNS, and IP address management is known as DDI.
With an asset inventory in place, you can start to standardize the settings of each type of device. This will be implemented by a network configuration manager. The firmware of all devices will also need to be kept up to date to combat recently discovered security weaknesses, so then you will need to look into buying a patch manager.
Thus, the centralized monitoring of network devices naturally leads through to network management functions. This will encourage you to install and run:
- A network configuration manager
- A patch manager
- A DDI solution
These network management tools provide task automation. They prevent errors, breakdowns, and security breaches from occurring on your network. These tools log all of their findings and activities, creating an audit trail, which is necessary for compliance with some data privacy standards.
Live monitoring of network devices
Live issue tracking is what most people consider to be the core activity of network monitoring. Remember, when considering network device monitoring, we are focused on the statuses of switches and routers rather than the circulation of traffic around the network.
The aims of network performance monitoring and network traffic analysis are a little blurred when implementing network device monitoring because the statistics that are produced in the device management console include factors such as device CPU and memory capacity and utilization and the capacity and throughput of each port.
Although it is possible to monitor network traffic capacity through a network device monitor, the most important factors you need to look at with this category of monitor are all of the services and components of a switch or router that could go wrong. This includes the functions of the operating system, which can initiate processes that then hang or get abandoned.
Network device monitoring is greatly assisted by a method of tracking issues within each piece of equipment. This can be implemented as alerts in the dashboard of a monitoring tool. Most network performance monitors are designed to offer the opportunity to set up an alert forwarding mechanism. This is a notification service and it will send an email or SMS to a member of the technical team if a problem is detected with one of the devices on the network.
The alerting system enables unattended network monitoring because you don’t need to allocate anyone to sit and watch the monitoring tool’s dashboards waiting for an alert. The notification will bring staff back to the monitoring system and provide information on an error that has been detected on one of the network devices.
Network performance monitors will also gather throughput statistics and any of these measurements can have thresholds placed on them. These thresholds also trigger alerts if crossed. This allows you to head off capacity issues before they create problems with lost or delayed packets. This activity is particularly important if you run time-sensitive applications, such as video conferencing or VoIP.
The Simple Network Management Protocol
The Simple Network Management Protocol (SNMP) is the best method available for monitoring network devices. SNMP is a reporting standard. It includes a format for a standard report message and procedures to follow to get those reports from every device on the network.
The protocol ordains two actors in the reporting system. These are:
- SNMP Manager
- SNMP Device Agent
The SNMP system is so widely respected that every producer of network devices installs an SNMP agent on each piece of equipment. In many cases, this function is turned off by default. However, this means that there is almost no work involved in deploying SNMP on your network. The problem you face is that you probably don’t have an SNMP Manager. Network performance monitors implement most of their functions by performing the role of SNMP Manager.
The common reporting format in SNMP is called the Management Information Base (MIB). This is a text-based layout with a code for each reporting value that forms a tree structure when dereferenced. An SNMP agent constantly scans the device that hosts it, looking for issues. The MIB also includes daily static information fields, such as make and model.
The SNMP reporting process is triggered by a request that is sent out by the SNMP Manager. The SNMP Manager doesn’t need to know the addresses of any of the devices on the network because the request is broadcast.
The SNMP Agent runs on a network device, so all broadcast traffic reaches it. On detecting an SNMP request, the Agent immediately sends back its current MIB. The operational data become live activity readouts in the monitor’s console.
The SNMP MIB provides the “autodiscovery” function that most network performance monitors include. Information on the device, all of its active ports, and the device connected to each port enable the monitor to compile an asset inventory and create a network topology map.
As the request and response cycle repeats continuously, the activity data shown in the console is always current. A network performance monitor will accumulate reports for each statistic and use that information to generate time-series graphs. The repeated querying also means that if any network device is added, moved, or removed, the monitor will instantly spot that change and update the asset inventory and the network map.
Under the SNMP system, an agent doesn’t need to wait to send out a MIB if it detects a serious problem. High severity issues provoke a MIB to be sent out and this proactive transmission is called a Trap. Network performance monitors interpret Trap messages into alerts.
Putting it all together
The easiest way to understand what a network device monitor does is to look at one. Auvik offers a 14-day free trial, so you don’t need to pay anything just to get a look at how a network device monitoring service works. This package also implements network traffic analysis with flow protocols – NetFlow, sFlow, J-Flow, and IPFIX – but let’s just focus on the device monitoring features here.
The Auvik system is a cloud platform and it is charged for on a subscription. You don’t have to worry about how many endpoints you need to monitor or how many sites because the company charges a flat fee regardless of those factors. The platform downloads a data collector onto one of your servers. The unit acts as an SNMP Manager and broadcasts a MIB request. The device agents send back responses and the collector uploads all of those MIBs to the Auvik server for processing.
The MIB data includes reports on each interface on each device, detailing which device is on the other end of the link. The tool is able to use the SNMP data to create a hardware inventory and a network topology map. The system also extracts device status data from the MIBs and displays these in the screen. If a device agent sends out a Trap, that is uploaded and appears in the Auvik screen as an alert.
The SNMP Request/Response cycle repeats, identifying changes in the network, which causes Auvik to update both the inventory and the map. Status data is also shown in the dashboard. Thus, the use of SNMP provides both system documentation and device status tracking.
Automated network device monitoring
As you can see, installing a network performance monitor to provide network device status tracking is a very straightforward task. Thanks to SNMP, you don’t need to write details of all of your equipment into the system – that’s all done automatically for you. You don’t need to sit and watch the monitor’s console because the notification service lets you get on with other tasks, knowing that no news is good news.
Through orchestration, you can also set up automated responses on the generation of an alert. Under this scenario, you specify a condition and a response. That response will be implemented in the form of a playbook that will run a batch job to call other software to implement a solution. It is also possible with some network performance monitoring tools to channel alerts as tickets through your Service Desk system.
As all business networks are constantly connected to the internet, you can install an SNMP forwarder on a remote site and centralize the monitoring of multiple sites in one location. The ability to transfer network device agent responses over the internet also makes cloud-based network monitoring tools feasible. When you choose a network device monitoring tool, you will need to decide whether you want an on-premises software package of a cloud-based SaaS system.
You can see our list of recommended systems in the Best Network Device Monitoring Tools.
