Cisco Network Monitoring: 6 Best Practices
In this article, you'll learn what Cisco Network Monitoring is, followed by a discussion on the tips and tricks for getting the most out of Cisco networks.
It's often said that your network is the backbone of your IT infrastructure, underlying every other part of your enterprise IT. If your Cisco network infrastructure goes down or is experiencing performance issues, it's crucial that you have a real-time solution to identify and resolve the problem as soon as possible.
But what does such a solution look like when it comes to Cisco networks? In this article, we'll discuss six best practices for Cisco network monitoring, network management, and troubleshooting, so that you're always getting the highest network performance possible.
What Is Cisco Network Monitoring?
Network monitoring refers to a set of tools and practices that allow your network administrators to manage and oversee your enterprise network. By alerting you when things go wrong, network monitoring tools help ensure that your routers and other network devices are functioning under optimal conditions and that you continue to offer an acceptable QoS (quality of service).
The reasons you need a strong, powerful network monitoring and management system in place include:
- Improving network connectivity and increasing bandwidth
- Strengthening network security through firewalls, SIEM, etc.
- Deploying applications and services faster
- Providing a top-notch experience for end-users
- Minimizing network downtime
Cisco network monitoring involves using monitoring and management tools to oversee your network traffic and properly configure your Cisco devices. Below, we'll discuss many Cisco network monitoring tips and tricks that are specific to Cisco systems.
1. Understanding FCAPS
When it comes to network management and monitoring—Cisco or otherwise—you need to have a solid understanding of your primary objectives. The FCAPS model offers a framework that outlines the most important requirements for network monitoring and management:
- Fault management: Identifying and correcting "faults" (i.e. errors or unexpected events), as well as identifying potential future issues.
- Configuration management: Storing and monitoring system configurations, simplifying and making changes if necessary, and anticipating future changes.
- Accounting: Monitoring network usage and billing individual users, teams, departments, and units appropriately; may be replaced with "administration" for networks that do not bill users.
- Performance management: Guaranteeing that network performance remains within acceptable levels by collecting data such as throughput and utilization.
- Security management: Restricting access to certain resources to the appropriate users and user groups.
2. Choosing the Right Metrics
When it comes to understanding the traffic flows in your Cisco network, not all data is created equal. By selecting the best performance monitoring metrics and key performance indicators (KPIs), you'll be able to identify hidden trends, make smarter predictions, and resolve anomalies and performance issues faster.
Metrics are raw data collected from sources such as hardware, sensors, and applications, usually on a periodic or regular basis. The categories of network performance metrics include:
- Host metrics about the performance of an individual computer (e.g. CPU, disk, and memory usage).
- Application metrics about the performance of an individual application (e.g. response time, error rate, request rate, failure rate).
- Network performance metrics (e.g. packet loss, availability, connectivity, throughput).
- Special events that are not triggered at regular intervals.
Of course, deciding which metrics and KPIs to monitor and collect is just the first step. You also need to answer questions such as:
- What is the appropriate interval over which to examine the data? Certain performance issues can easily be concealed within the data if the time interval is too large, hiding them behind the noise. On the other hand, time intervals that are too small can cause strain on performance and occupy too much storage.
- How long should you store the data? For some metrics, storing data long-term is essential in order to have a baseline point of comparison, or to identify anomalies or trends such as seasonality. You should weigh the need to preserve this information against the need to free up storage for fresher collections of data.
3. Configuring SNMP and syslog
Choosing the right metrics is a must-have for any network monitoring solution—but how do you actually collect the underlying information for these metrics?
SNMP (Simple Network Management Protocol) is an application-layer standard protocol for exchanging information between network managers and network agents. Cisco devices commonly use SNMP. For example, you can set up an alert called an "SNMP trap" to be sent from a remote network agent (e.g. a Cisco router or server) to a centralized SNMP manager.
To have your Cisco routers and switches report this information, enable and configure SNMP on them. Note that while SNMP is still widely used on Linux, Microsoft has deprecated SNMP for the Windows 10 operating system due to certain security risks. Instead, Windows users should move from SNMP to the Common Information Model (CIM).
In addition to SNMP, you can also use the syslog logging mechanism to capture data from Cisco network devices. Syslog messages carry information such as device status, warnings, errors, and events, and the syslog protocol transports this data from individual network devices to a centralized syslog server.
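As an added example (not code from the original article), the following Python sketch shows what a central syslog server can do with Cisco IOS messages: split each line into facility, severity and mnemonic, then alert on severe events and on security-relevant mnemonics. The sample lines, the alert threshold and the watch list are constructed assumptions.

```python
import re
from collections import Counter

# Cisco IOS message body: %FACILITY-SEVERITY-MNEMONIC: text,
# optionally preceded by the syslog <PRI> header and a timestamp.
CISCO_MSG = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?.*?"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<text>.*)$"
)
LEVELS = ["emergency", "alert", "critical", "error",
          "warning", "notification", "informational", "debugging"]

# Constructed sample lines as a central syslog server might receive them.
SAMPLE = [
    "<189>45: *Mar  1 00:01:23.456: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.50)",
    "<187>46: *Mar  1 00:02:10.001: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "<188>47: *Mar  1 00:03:00.120: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 198.51.100.7] [localport: 22]",
    "<190>48: *Mar  1 00:04:00.000: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.0.2.10 port 514 started - CLI initiated",
    "not a cisco message",
]

def parse(line):
    """Split one line into its Cisco fields, or return None if it is not one."""
    m = CISCO_MSG.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["severity"] = int(rec["severity"])
    rec["level"] = LEVELS[rec["severity"]]
    return rec

def triage(lines, alert_at=3, watch=("CONFIG_I", "LOGIN_FAILED")):
    """Alert on severity <= alert_at (lower is worse) or on watched mnemonics."""
    alerts, unparsed, per_facility = [], 0, Counter()
    for line in lines:
        rec = parse(line)
        if rec is None:
            unparsed += 1  # count these: silent parse gaps hide events
            continue
        per_facility[rec["facility"]] += 1
        if rec["severity"] <= alert_at or rec["mnemonic"] in watch:
            alerts.append(rec)
    return alerts, unparsed, per_facility
```

Configuration changes and failed logins arrive at low severities (5 and 4), which is why the watch list exists alongside the severity threshold.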
4. Using Cisco NetFlow
Cisco NetFlow is one of the most valuable tools in your arsenal for monitoring your Cisco network. NetFlow is a Cisco network monitoring tool that collects information on the traffic flows passing through your network. The data collected by NetFlow includes:
- Source and destination IP addresses
- Input and output interface numbers
- TCP/UDP source and destination ports
- Number of bytes and packets in the flow
NetFlow is available for Cisco IOS routers; Cisco recommends that "NetFlow should be deployed on edge/aggregation router interfaces for service providers, or WAN access router interfaces for enterprise customers." When designing your NetFlow data collection strategy, take into account your network topology and routing policy—for example, to avoid collecting duplicate flows.
5. Bolstering Network Security
No matter who you are or what your Cisco network looks like, improving network security is a crucial best practice. Users should already practice the basics of good network security hygiene—for example, by using a VPN (virtual private network), which offers secure remote access to the corporate network.
In particular, Cisco ASA (Adaptive Security Appliance) is a family of network security devices that has been purpose-built for corporate networks and data centers. Cisco ASA acts as a force multiplier: It combines the functionality of many network security techniques, including antivirus, antispam, firewall, intrusion detection/intrusion prevention, and VPN.
For Cisco routers, the "AAA" network security best practices are:
- Authentication: Identifying users before providing access to a router or switch, e.g. through logins/passwords or through challenge-response mechanisms.
- Authorization: Determining what a given user is or is not allowed to do within the network. Cisco routers have three default authorization command levels: level 0 for basic commands, level 1 for user-level commands, and level 15 for enable-level commands.
- Accounting: Collecting and sharing data used in security audits and reporting, e.g. usernames, executed commands, and task start and stop times.
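As an added example (not from the original article), the Python sketch below audits a router configuration for the three AAA functions and shows a weak configuration beside a corrected one. Both configuration fragments are constructed, and the specific checks (the `none` fallback, level 15 command accounting) are this example's assumptions about what to flag.

```python
# Constructed running-config fragments, not taken from any real device.
WEAK = """\
hostname edge-rtr-1
aaa new-model
aaa authentication login default group tacacs+ none
"""
HARDENED = """\
hostname edge-rtr-1
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
"""

def audit_aaa(config):
    """Return a list of findings covering authentication, authorization, accounting."""
    lines = [line.strip() for line in config.splitlines()]
    if "aaa new-model" not in lines:
        return ["aaa new-model is not enabled"]
    findings = []
    authn = [l for l in lines if l.startswith("aaa authentication login ")]
    if not authn:
        findings.append("authentication: no login method list")
    for l in authn:
        # Tokens after the list name are the ordered methods; 'none' means
        # the login succeeds unauthenticated once earlier methods error out.
        if "none" in l.split()[4:]:
            findings.append(f"authentication: 'none' fallback in: {l}")
    if not any(l.startswith("aaa authorization ") for l in lines):
        findings.append("authorization: no method list")
    if not any(l.startswith("aaa accounting commands 15 ") for l in lines):
        findings.append("accounting: enable-level commands are not recorded")
    return findings
```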
6. Planning For the Future
Regardless of how you've configured your Cisco network monitoring setup, it's impossible to predict how the field of network management, monitoring, and troubleshooting will evolve in the short and long terms. As your IT environment changes, your chosen network monitoring tools and practices need to advance alongside it.
Over the past decade, for example, network technologies have gone from 40G to 100G Ethernet, with speeds of 200G, 400G, and even 800G Ethernet on the horizon. As physical network speeds increase, organizations need to adjust their use of packet analysis and monitoring tools to ensure that they can keep up with this faster pace.
In general, today's data centers are seeing faster deployment of new applications and services, making it imperative to keep up with this quickened rate. The growth of cloud services, in particular, requires network management and monitoring tools that can straddle the cloud/on-premises divide.
Published at DZone with permission of Nick Campion.