As enterprise networks become increasingly hybrid, today’s IT landscape is more complex than it’s ever been. Network operations (NetOps) teams must have end-to-end control across their wired, wireless, multi-platform, multi-vendor, and multi-cloud environments. Unfortunately, a recent report found that over one-third of networking professionals have poor insights across all fabrics of the network. A lack of visibility into each domain can create treacherous blind spots that prevent IT teams from effectively managing, optimizing, and troubleshooting hybrid networks.
One key to network visibility is collecting the right networking data. There are several different types, each with its own benefits and drawbacks for certain network management tasks. Let’s examine four of the major networking data types and the role they play for NetOps:
1) Flow Data – Flow data (such as NetFlow, J-Flow, and IPFIX) is arguably the best data source for general network monitoring. Primarily derived from switches or routers, flow data gives NetOps teams access to details about the protocols in use, source and destination ports, IP addresses, and more. One major advantage that flow data has over other data types is that NetOps teams can simply collect this information from switches and routers already in place on the network.
Flow data is also extremely useful when it comes to enabling network alarms and reports. For instance, it’s critical to NetOps teams’ alerts and alarms for things like voice and video degradation or bandwidth problems. By leveraging flow data, IT teams can identify the top bandwidth users or where voice and video performance issues are happening within their organization and conduct further investigation to determine the cause.
Although flow data is immensely useful for network monitoring, it’s not a silver bullet. For example, flow data doesn’t provide enough information for NetOps teams to conduct deep-level security analyses. Similarly, flow data is too high-level to use in deep troubleshooting for complex issues or to monitor business applications.
2) Packet Data – This is the most granular data type available to IT teams, and is used most commonly for complex troubleshooting. While flow data can be used to solve roughly 80% of today’s network troubleshooting issues, the remaining 20% require deep-level insights from packets that no other data type can provide.
Packets are often used in network management, application performance monitoring, and security analysis tools. Generally speaking, packet data is most useful when it comes to root cause analysis. Since packets provide insights down to the details of every network conversation, NetOps teams are armed with what they need to isolate the cause of the issue and resolve it quickly. Packets are also important when it comes to forensic analysis, enabling IT and security teams to investigate when and how a cyber criminal might’ve entered the network, what they did once they gained access, and more.
However, packets do have some tradeoffs. First, this data requires not only more advanced tools but also a higher degree of networking expertise. Additionally, NetOps teams must have access to solutions that allow them to properly store packet data over extended periods of time (which can be expensive). Smaller organizations with fewer IT resources and less expertise often view these packet capture and analysis tools as out of reach and simply make do with less-detailed flow data, but there are some solutions that simplify the process and make packet analysis more accessible.
3) SNMP – Simple Network Management Protocol (SNMP) is an application layer protocol used for monitoring network devices. Fortunately, just about any device will generate SNMP data. However, the information NetOps is able to glean from SNMP goes beyond networking data, focusing instead on the health of the devices on the network itself. For example, this data type can tell NetOps teams whether a unit is up or down, or if the temperature of the processor is abnormal. Although SNMP data provides device-specific insights instead of data on network performance, it's still a key piece of the visibility puzzle for the NetOps team.
Unlike flow data, which is collected automatically from installed routers and switches, network management solutions must regularly poll each individual device for an update in order to gather SNMP data. SNMP is also not as streamlined as flow data, so it’s an expensive operation that creates more overhead.
4) APIs – Application programming interfaces (APIs) belong in a somewhat separate category from the above data types but are still crucial when it comes to visibility for NetOps teams. An API is a set of defined methods of communication among various components used to build software. Since it’s an interface, there isn’t anything standard about it. In other words, it will be unique to each device, piece of software, and use case. There are a few different types of APIs, but REST APIs are most common. One of the biggest benefits of APIs for NetOps involves application performance management, or ensuring the effectiveness of business-critical applications.
That said, APIs are very specific in that they are only applicable to certain applications. While it is true that API data showcases the functionality of certain applications, this doesn’t provide NetOps teams with a view of what end-users are doing or experiencing on those applications, so it may not check all of the boxes.
Each of these data sources can be incredibly useful for NetOps teams, but none of them can do it all. Consequently, many organizations end up adopting a wide variety of specialized networking tools in order to access them all. Not only does this create productivity challenges from a workflow standpoint (resulting in further network blind spots), but it’s also incredibly expensive in terms of licensing, support, specialized training, etc. Luckily, some advanced network monitoring solutions offer consolidated functionality, enabling NetOps teams to see into the dark corners of each domain and better manage, optimize, and troubleshoot their hybrid networks. Regardless of whether you're using multiple point solutions or a unified network management approach, in order to achieve the level of visibility necessary in today's hybrid world, be sure you're able to collect, analyze and act upon these four networking data types.