Because viruses and malware often consume unusual amounts of bandwidth, monitoring bandwidth utilization can also be invaluable in identifying security anomalies.
By monitoring bandwidth utilization, it is possible to:
- Determine the users, applications and hosts taking up critical bandwidth
- Assist with identifying unauthorized applications
- Ensure business-critical applications receive enough bandwidth
How to Monitor Bandwidth Utilization
Network bandwidth is typically monitored by tools that use software technologies like SNMP, packet sniffing and flow monitoring, or through hardware probes. While SNMP, sniffing and probes can show bandwidth utilization, administrators need to have better insights into which applications, protocols and users are consuming bandwidth. This information can be comprehensively provided by flow monitoring tools.
Monitoring tools are based on a “flow”, which is a series of network packets sharing common characteristics like source IP and port, destination IP and port, Type of Service, protocol etc. Cisco’s NetFlow flow monitoring protocol, for instance, defines a 7-tuple key, with 7 characteristics that define a flow.
Packets with identical values in all 7 fields are considered one flow, while a difference in even a single value makes up a new flow. NetFlow is enabled per interface on devices. The devices collect the flow data and export it as UDP packets to an analyzer, which then analyzes and classifies the data to highlight bandwidth monitoring, bandwidth usage, billing, security issues and capacity planning.
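The grouping rule described above, as an added example that is not part of the original page or of any vendor's product: constructed packet records are keyed on the seven fields, then byte counts are rolled up by host and by protocol/port. The seventh field used here, the input interface, is not named in the text above; all field names and sample addresses are assumptions made for illustration.

```python
from collections import defaultdict, namedtuple

# Seven key fields: the six named in the text plus the input interface (assumed name).
FlowKey = namedtuple(
    "FlowKey", "src_ip dst_ip src_port dst_port protocol tos input_if"
)

# Constructed sample packets:
# (src_ip, dst_ip, src_port, dst_port, protocol, tos, input_if, bytes)
PACKETS = [
    ("10.0.0.5", "192.0.2.10", 51000, 443, 6, 0, 1, 1500),
    ("10.0.0.5", "192.0.2.10", 51000, 443, 6, 0, 1, 1500),
    ("10.0.0.5", "192.0.2.10", 51000, 443, 6, 8, 1, 400),  # only ToS differs: new flow
    ("10.0.0.7", "198.51.100.3", 40000, 53, 17, 0, 1, 80),
    ("10.0.0.9", "203.0.113.20", 44444, 6667, 6, 0, 2, 90000),
    ("10.0.0.9", "203.0.113.20", 44444, 6667, 6, 0, 2, 60000),
]


def build_flows(packets):
    """Group packets into flows; returns {FlowKey: {"packets": n, "bytes": b}}."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for *key_fields, size in packets:
        key = FlowKey(*key_fields)  # identical values in all 7 fields -> same flow
        flows[key]["packets"] += 1
        flows[key]["bytes"] += size
    return dict(flows)


def bytes_by(flows, *fields):
    """Sum flow bytes over a subset of key fields, largest consumer first."""
    totals = defaultdict(int)
    for key, stats in flows.items():
        group = tuple(getattr(key, f) for f in fields)
        totals[group] += stats["bytes"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    flows = build_flows(PACKETS)
    print(len(flows), "flows")
    print("by host:", bytes_by(flows, "src_ip"))
    print("by protocol/port:", bytes_by(flows, "protocol", "dst_port"))
```

The host on an unexpected port with a disproportionate byte count sorts to the top of both roll-ups, which is the kind of outlier a flow analyzer surfaces for review.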
While NetFlow is the most widely used flow monitoring protocol, Juniper’s proprietary jFlow and the multi-vendor technology sFlow are also used to monitor network bandwidth. jFlow is a technology similar to NetFlow, with just one difference: jFlow samples each ingress flow, while NetFlow samples data flow on both the ingress and egress interfaces on the device. sFlow, on the other hand, is a packet sampling technology that samples 1 in every Nth packet that passes through the interface.
Bandwidth Utilization Monitoring with WhatsUp Gold
WhatsUp Gold provides comprehensive bandwidth utilization monitoring with detailed insight into how bandwidth is being consumed. By leveraging a variety of technologies across vendors, including Cisco NetFlow, NetFlow-Lite and NSEL, Juniper J-Flow, sFlow and IPFIX protocols, WhatsUp Gold can convert raw data from these protocols into meaningful data showing bandwidth utilization.
WhatsUp Gold uses the data from flow-enabled devices to monitor bandwidth utilization by users, applications, protocols and connections. Real-time automatic classification of traffic according to type and protocol allows instant tracking and resolution of network congestion issues. By monitoring bandwidth, administrators can plan for spikes in usage, identify bandwidth-hogging applications and users (by IP address) and ensure business-critical applications get the requisite amount of bandwidth. Billing accounts from service providers, which are typically based on peak utilization, can be verified through 95th percentile reporting (a widely used calculation to measure regular and sustained bandwidth utilization). Validate that business-critical applications get the bandwidth allotted to them by monitoring Cisco NBAR and CBQoS.