Five Questions to Ask Yourself as You Consider Monitoring Solutions: Part 5/5
Question #5: Does It Support the Three Common Methods for Acquiring Network-Usage Data?
A comprehensive bandwidth-monitoring solution should support Packet Sniffer applications, as well as SNMP and NetFlow protocols. Each data-acquisition method has pros and cons — depending on your network configuration and your monitoring needs. That said, your bandwidth-monitoring solution should support all three methods and allow you to effectively monitor your traffic regardless of your current or future network configuration.
Here is a brief description and analysis of each method:
- Packet Sniffer: The Packet Sniffer inspects all network data packets passing a PC’s network card(s) and classifies network traffic by IP address, protocol and other parameters.
Advantage: Exact data, traffic can be accounted by IP and protocol.
Disadvantage: High load on monitoring system for high-traffic systems; network topology must be changed, so that all packets in the network are sent to the analyzing machine.
- NetFlow: The NetFlow protocol is supported by most Cisco routers to measure bandwidth usage. Although it is the most complex method to set up, it’s also the most powerful method for monitoring high-traffic networks and can classify traffic by IP address, protocol and other parameters.
Advantage: Best choice for high-traffic networks that need protocol analysis
Disadvantage: Only works with Cisco routers.
- SNMP: Simple Network Management Protocol is the most basic method of gathering bandwidth and network-usage data. It can be used to monitor bandwidth usage of routers and switches — port-by-port — as well as to perform device readings for memory and CPU load.
Advantage: Low bandwidth and CPU load caused by monitoring itself. Best choice for high-traffic networks that don’t need protocol analysis
Disadvantage: Traffic can only be monitored in totals per device/port and cannot be differentiated by protocol.
Note: Only Packet Sniffer- and NetFlow-based monitoring methods allow you to measure traffic by IP address, MAC address and/or protocol. SNMP-based measurements are strictly port-based.