Network Computing is part of the Informa Tech Division of Informa PLC


8 Common Network Analytics Data Sources

  • Intro

    Network analytics (NA) platforms are the latest breed of enterprise-grade tools that should be strongly considered in 2019. These platforms offer a unique mix of old network monitoring techniques combined with several new ones. Added to this is a healthy dose of deep analytics and artificial intelligence (AI) to truly provide administrators with a product that, if implemented properly, could completely change how networks are managed. These tools pull in multiple data sources, apply intelligence behind them, and find network, application and end-user performance problems by putting all the data pieces together.

    The problem is, NA isn’t taking off as fast as it should. Much of this has to do with the fact that plenty of network administrators don’t fully understand the power these platforms can grant. The problem seems to revolve around the way network analytics is being marketed to customers. Because NA platforms can do so much – and are so flexible – platform vendors are finding it difficult to market to the masses. Other complex networking technologies have suffered a similar fate. End-to-end software-defined networking (SDN) is another recent example that comes to mind.

    But the bottom line is network analytics is something that everyone should at least investigate. Once you do, you’ll likely find that it’s not nearly as complex or scary as you might have thought. I’ve found the best way to approach NA research is to look at what data sources the platform is collecting. Doing so allows one to see that many of the data sources used in an NA platform are already being collected by other tools on your production network today. Additionally, when you dig into new collection sources – you begin to grasp the true power an NA platform can provide once you combine it with AI.

    By analyzing network performance data from various sources, you suddenly have an automated tool that can identify the root cause of any number of network and security-related problems without the need for human intervention. Who wouldn’t want that? In fact, as digital transformation (DX) grows – along with the absolute necessity that apps and services run optimally – the way you build and manage your network will need to transform as well.

    The following are 8 common network analytics data sources that many of today’s NA platforms collect.


  • SNMP

    Simple Network Management Protocol (SNMP)

    SNMP polling has been a major method for monitoring networks for the past several decades. It works by sending a request (poll) to network devices for specific information on the health of the device as well as statistics on the data passing through it. There are several drawbacks to SNMP polling including scalability issues and time gaps when collecting data points. Yet, despite SNMP’s limitations, even modern NA platforms continue to rely on the legacy protocol to help with historical baselining of interface statistics and the overall health status of the network. That said, newer streaming network telemetry data collection methods are beginning to limit the reliance on SNMP.

  • Authentication

    Authentication - RADIUS/AD

    From a wireless perspective, analyzing authentication data can uncover things such as abnormal simultaneous user connections, multiple authentication denials or continuous re-authentication requests. These types of trends can point to areas on the network where connectivity is poor, a configuration error occurred – or a security anomaly is occurring that should be investigated. This data combined with other information gathered by the wireless controller can be analyzed by the NA platform to give administrators a clear view into the overall health of the WLAN and pinpoint where problems are happening in real-time.
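
    The two authentication trends named above (multiple denials and continuous re-authentication) can be found with a sliding-window count per user and access point. This is an added example, not code from the article or from any NA product; the log layout, field names and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: timestamp, user, access point, result.
SAMPLE_LOG = """\
2019-03-01T09:00:00 alice ap-lobby ACCEPT
2019-03-01T09:00:05 bob ap-floor2 REJECT
2019-03-01T09:00:20 bob ap-floor2 REJECT
2019-03-01T09:00:41 bob ap-floor2 REJECT
2019-03-01T09:01:00 carol ap-floor3 ACCEPT
2019-03-01T09:01:30 carol ap-floor3 ACCEPT
2019-03-01T09:02:10 carol ap-floor3 ACCEPT
2019-03-01T09:02:50 carol ap-floor3 ACCEPT
2019-03-01T09:30:00 alice ap-lobby ACCEPT
"""

def parse(log):
    """Yield (time, user, ap, result) tuples from whitespace-separated lines."""
    for line in log.splitlines():
        if line.strip():
            ts, user, ap, result = line.split()
            yield datetime.fromisoformat(ts), user, ap, result

def max_in_window(times, window):
    """Largest number of events that fall inside any sliding window."""
    times, best, start = sorted(times), 0, 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best

def analyze(log, window=timedelta(minutes=5), deny_limit=3, reauth_limit=4):
    """Flag (user, ap) pairs with repeated denials or re-authentication churn."""
    seen = defaultdict(lambda: {"ACCEPT": [], "REJECT": []})
    for ts, user, ap, result in parse(log):
        if result in ("ACCEPT", "REJECT"):
            seen[(user, ap)][result].append(ts)
    findings = []
    for (user, ap), by_result in sorted(seen.items()):
        if max_in_window(by_result["REJECT"], window) >= deny_limit:
            findings.append((user, ap, "repeated-denials"))
        if max_in_window(by_result["ACCEPT"], window) >= reauth_limit:
            findings.append((user, ap, "reauth-churn"))
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

    Keeping the access point in each finding is what lets the result point to an area of the network rather than only to a user.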

  • Syslog

    Syslog

    For decades, network administrators have relied on syslog as a way to be alerted on important events that occur on network devices. The network device log messages are commonly sent to a syslog collection server. This collection server is then configured by network administrators to not only store logs for historical purposes – but also to alert administrators (via email, text, etc.) when important messages are received. Examples of commonly alerted syslog messages include interface up/down notifications, route changes and spanning-tree recalculations. The collection of syslog data in an NA platform remains the same. The difference is that this information is combined with other network telemetry data to help find the true root cause of an issue using artificial intelligence.
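
    The store-everything, alert-on-some behavior of a collection server described above, as an added example that is not from the article: it decodes the syslog priority value and raises alerts only for the three event types the paragraph lists. The Cisco IOS-style message layout, the sample lines and the rule mapping are assumptions.

```python
import re

# Constructed sample messages in a Cisco IOS-style layout (an assumption; the
# article names no vendor). <PRI> encodes facility * 8 + severity (RFC 3164).
SAMPLE = [
    "<187>Mar  1 09:00:00 sw1 %LINK-3-UPDOWN: Interface Gi0/1, changed state to down",
    "<189>Mar  1 09:00:02 rtr1 %OSPF-5-ADJCHG: Nbr 10.0.0.2 on Gi0/0 from FULL to DOWN",
    "<189>Mar  1 09:00:03 sw1 %SPANTREE-5-TOPOTRAP: Topology Change Trap for vlan 10",
    "<189>Mar  1 09:05:00 sw1 %SYS-5-CONFIG_I: Configured from console by admin",
    "not a syslog line",
]

LINE = re.compile(
    r"^<(\d{1,3})>(\w{3}\s+\d+ [\d:]{8}) (\S+) %([A-Z0-9_]+)-(\d)-([A-Z0-9_]+): (.*)$")

# Hypothetical mapping from message source to the alert types the article lists.
ALERT_RULES = {
    "LINK": "interface up/down", "LINEPROTO": "interface up/down",
    "OSPF": "route change", "BGP": "route change",
    "SPANTREE": "spanning-tree recalculation",
}

def parse(line):
    """Return a dict of fields, or None if the line is not in the expected form."""
    m = LINE.match(line)
    if not m or int(m.group(1)) > 191:  # 23 * 8 + 7 is the largest valid PRI
        return None
    pri = int(m.group(1))
    return {"facility": pri // 8, "severity": pri % 8, "time": m.group(2),
            "host": m.group(3), "source": m.group(4), "tag": m.group(6),
            "text": m.group(7)}

def triage(lines):
    """Store every parsed message; alert only on the categories in ALERT_RULES."""
    stored, alerts, rejected = [], [], 0
    for line in lines:
        msg = parse(line)
        if msg is None:
            rejected += 1
            continue
        stored.append(msg)
        category = ALERT_RULES.get(msg["source"])
        if category:
            alerts.append((msg["host"], category, msg["severity"]))
    return stored, alerts, rejected
```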

  • Coding

    CLI/SSH

    For network devices that utilize a command line interface (CLI) for configuration and management purposes, an NA platform can automatically and remotely log in via SSH. Once connected, the NA platform can be configured to run various “show” commands to pull out pertinent statistical information that other data collection methods fail to provide. This includes information such as full routing tables, detailed device health statistics and underlay health when working in virtualized networks.

  • Probes

    Probes and remote sensors

    Some network analytics platforms provide a way to deploy information-gathering probes or sensors to gain even more insight into the health of the network. One method is to deploy appliance-based or virtualized probes at strategic points within the network. These probes are primarily used as a distributed packet capture tool for the purpose of collecting detailed information on data passing through. A second way is to enable additional data-capturing capabilities on already deployed equipment such as network routers, firewalls, switches and wireless access points. These devices can collect data in the same way a deployed probe would – only instead of deploying separate physical or virtual appliances, this approach uses the existing network hardware and software already deployed throughout the corporate LAN and WAN.

  • Flow

    Flow/IPFIX

    There are various types of proprietary flow protocols including NetFlow, sFlow and J-Flow. Additionally, IPFIX is a standards-based protocol. All of them collect similar IP traffic information including source/destination IP address, protocol/port information, QoS values and time stamps. On its own, this data can be manually analyzed to help find network incidents and configuration issues. Yet, when combined with other data streams and an AI, analysis is automated and taken to a whole new level.

  • DNS

    DNS

    While DNS may not seem like it would be very important to the overall usefulness of a network analytics platform, it provides important contextual information to help identify what devices are talking to each other – and for what purpose. Part of what an NA platform does is give a much more detailed view into the data that traverses the network. If the goal is to assist with optimizing application and end-user performance, the NA platform must be able to identify and categorize the various servers, apps and end-devices communicating. DNS is one such way to accomplish this identification process.
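
    To show how DNS adds context to the flow fields described under Flow/IPFIX, the added example below (not from the article) labels each flow record with the name its client most recently resolved to the destination address. The record layouts are assumptions and all data is constructed, using documentation address ranges.

```python
from collections import defaultdict

# Constructed sample data; the tuple layouts are assumptions for this example.
# DNS answers observed: (epoch seconds, client IP, query name, answer IP, TTL)
DNS_LOG = [
    (1000, "10.1.1.5", "crm.example.com", "203.0.113.10", 300),
    (1010, "10.1.1.6", "video.example.net", "203.0.113.10", 60),
    (1500, "10.1.1.5", "mail.example.org", "198.51.100.7", 300),
]
# Flow records: (start epoch, src IP, dst IP, protocol, dst port, bytes)
FLOWS = [
    (1005, "10.1.1.5", "203.0.113.10", "tcp", 443, 52_000),
    (1020, "10.1.1.6", "203.0.113.10", "tcp", 443, 9_800_000),
    (1200, "10.1.1.6", "203.0.113.10", "tcp", 443, 1_000),  # DNS answer expired
    (1510, "10.1.1.5", "198.51.100.7", "tcp", 993, 4_000),
    (1600, "10.1.1.9", "192.0.2.99", "udp", 123, 200),      # no lookup observed
]

def label_flows(flows, dns_log):
    """Replace each destination IP with the name that client resolved, if known."""
    answers = defaultdict(list)
    for ts, client, name, ip, ttl in dns_log:
        answers[(client, ip)].append((ts, ts + ttl, name))
    labelled = []
    for start, src, dst, proto, port, nbytes in flows:
        name = None
        for seen, expires, qname in sorted(answers.get((src, dst), [])):
            if seen <= start <= expires:
                name = qname  # the latest still-valid answer wins
        labelled.append((src, name or dst, proto, port, nbytes))
    return labelled

def bytes_by_service(flows, dns_log):
    """Total bytes per (service, port), falling back to the raw IP when unnamed."""
    totals = defaultdict(int)
    for _src, service, _proto, port, nbytes in label_flows(flows, dns_log):
        totals[(service, port)] += nbytes
    return dict(totals)

if __name__ == "__main__":
    for key, total in bytes_by_service(FLOWS, DNS_LOG).items():
        print(key, total)
```

    The first two flows go to the same address and port yet belong to different applications, which the flow record alone cannot show.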

  • Network

    Proprietary streaming telemetry

    If you purchase a network analytics platform that comes from the same vendor as the network equipment you have deployed, chances are that the NA can pull in proprietary streaming network telemetry data that other products cannot. The addition of telemetry data that one can’t gain elsewhere, combined with the convenience of a single-vendor solution may convince some to closely look at NA products being sold by their trusted network vendor.