With viruses and malware often consuming out of the ordinary amounts of bandwidth, monitoring bandwidth utilization is critical for identifying security anomalies.
WhatsUp Gold provides comprehensive bandwidth utilization monitoring with detailed insight into how bandwidth is being consumed.
Determine the users, applications and hosts taking up critical bandwidth
Assist with identifying unauthorized applications
Ensure business-critical applications receive enough bandwidth
WhatsUp Gold uses the data from flow-enabled devices to monitor bandwidth utilization by users, applications, protocols and connections. By leveraging a variety of technologies across vendors, including Cisco NetFlow, NetFlow-Lite and NSEL, Juniper J-Flow, sFlow and IPFIX protocols, WhatsUp Gold can convert raw data from these protocols into meaningful data showing bandwidth utilization.
By monitoring bandwidth, administrators can plan for spikes in usage, identify bandwidth-hogging applications and users (by IP address) and ensure business-critical applications get the requisite amount of bandwidth. Real-time automatic classification of traffic according to type and protocol allows instant tracking and resolution of network congestion issues.
Billing accounts from service providers, which are typically based on peak utilization, can be verified through 95th percentile reporting (a widely used calculation to measure regular and sustained bandwidth utilization). Validate that business-critical applications get the bandwidth allotted to them by monitoring Cisco NBAR and CBQoS.
Network bandwidth is typically monitored by tools that use software technologies like SNMP, packet sniffing and flow monitoring, or through hardware probes. While SNMP, sniffing and probes can show bandwidth utilization, administrators need to have better insights into which applications, protocols and users are consuming bandwidth. This information can be comprehensively provided by flow monitoring tools.
Monitoring tools are based on a “flow”, which a series of network packets sharing common characteristics like source IP and port, destination IP and port, Type of Service, protocol etc. Cisco’s NetFlow flow monitoring protocol, for instance, defines a 7-ple key, with 7 characteristics that define a flow.
Packets with identical values in all 7 fields are considered one flow, while the difference of even a single value makes up a new flow. NetFlow is enabled on an interface basis in devices. The devices collect the flow data, and export it as UDP packets to an analyzer, which then analyzes and classifies data to highlight bandwidth monitoring, bandwidth usage, billing, security issues and capacity planning.
While NetFlow is the most widely used flow monitoring protocol, Juniper’s proprietary jFlow, and the multi-vendor technology sFlow are also used to monitor network bandwidth. jFlow is a technology similar to NetFlow, with just one difference. jFlow samples each ingress flow, while NetFlow samples data flow on both the ingress and egress interfaces on the device. sFlow, on the other hand, is a packet sampling technology that samples 1 in every Nth packet that passes through the interface.