Tuesday, March 8, 2016

Graph Your Network Traffic

You need to graph your Internet usage, if not all network usage. I'm surprised I didn't write about this sooner. I talk about it frequently. It is one of the steps that separates a professional network or system administrator from someone just trying to keep things running. So let's dig into this.

Which discussion would you rather have when it's time to plan the budget:

A: "Things seem slow sometimes; especially during business hours. I believe that we should pay for a bigger Internet connection in order to address this."

...or...

B: "Here is a graph of our Internet usage over the last week. The dotted line across the top is what purchase from our ISP. The green line is our actual usage, with readings taken every 5 minutes. As you can see, our usage curves upward over the first hour that we're open and then hits the dotted line. Then we stay there until shortly after we close. Based on this data, I believe we should pay for a larger Internet connection."

I'm sure you can imagine other situations similar to these, but here are a few more: Justifying replacement of 100Mbps switches with 1000Mbps switches. Tracking down which device is flooding your network with poorly configured multicast traffic (rendering it useless for everyone else) in about 10 minutes. Figuring out if the lag you're experiencing is network congestion on your servers or a "full" Internet connection or if you just have too many devices on too few wireless access points.

These are all situations that you might really face. They're all situations that you can handle with aplomb if you set up network graphing. By looking at graphs of how much traffic is going through each switch in your network, you can quickly spot patterns that might otherwise be invisible.

If you don't know where to start, then I recommend checking out Cacti. By installing it on a server of your choice, you can start building graphs through a web app. For example, I started up my favorite free Unix-like system (FreeBSD) on a virtual server, installed Cacti quickly from the FreeBSD ports collection, added SNMP version 1 / read-only community names to all of my switches (easier than it sounds,) and started adding them to Cacti through a nice web-based interface. It was surprisingly easy, even though it took some time. I'd recount how to do it for you, but the reality is that other people on the Internet have already done a better job. Find a guide for your preferred server OS and give it a try.

The bottom line here is this: Even the most talented systems administrator doesn't know about the things they're not measuring. Make your systems measure themselves so you can make better decisions -- especially when speaking to your manager or anyone with the ability to shape the budget. If you're not sure where to start, try Cacti, because it's free, not overwhelmingly complex, and has enough ability that many professionals prefer it to the commercial products.