Main Nav

My boss asked me a question the other day, or more correctly expressed a desire to be able to do something pretty specific.  He’s tired of being told in casual conversation or in meetings that network performance was (usually) bad at a specific time (now), or more likely at a specific time 2 days ago.  He, of course, asked me if there was any way we could determine this kind of issue across our whole network. 

 

Our network is probably small compared to some of the campuses I’ve seen but still pretty sizeable (couple hundred switches).  So I wondered what other Network Managers do when this question is asked.  Typically if it is asked in an immediate time frame, we scramble and send someone over to the location and by the time we get there, everything is working just fine.  Even for the person originally reporting the problem.  I know the typical answers to these situations. 

 

But I’ve been wondering if there is some way to keep data about performance on a wide scale (and here’s the hard part) without breaking the bank for storage or processing (or software).  Is there anything that approaches what I am looking for?  (and I’m sorry I can only describe it in such hand-wavy terms) 

 

I have heard about NetFlow but am not familiar with it.   I plan to investigate it though. I was wondering if there was anything else capable of doing something that approximates what I’ve  been asked to do?   (which seems pretty much impossible to me right now) 

 

Thanks.

Chris

Chris Davis

CIS Security Director

The Principia

St. Louis, MO  63131

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Comments

Message from lists.educause.netman@change.nightwind.net

What kind of performance are you looking to keep track of? If you want in/out statistics on switchports, check out Cacti. It's free (speech/beer) SNMP monitoring software based on rrdtool and will show you traffic in/out, and can be set up for errors in/out as well (good for autonegotiation mismatch diagnosis). Obviously if you have a lot of switches it'll take longer to set up, but once they're in there then Cacti will just keep polling them and you can drill down into each switch and check each or all ports on that device. I usually would check the port the user was on as well as the switch's uplinks. Of course the problem never was "the network", it turned out to be issues with our Windows fileserver cluster, or Exchange bogging down for some reason, etc. On Fri, Oct 5, 2012, at 13:42, Chris Davis wrote: > My boss asked me a question the other day, or more correctly expressed a > desire to be able to do something pretty specific. He's tired of being > told in casual conversation or in meetings that network performance was > (usually) bad at a specific time (now), or more likely at a specific time > 2 days ago. He, of course, asked me if there was any way we could > determine this kind of issue across our whole network. > > Our network is probably small compared to some of the campuses I've seen > but still pretty sizeable (couple hundred switches). So I wondered what > other Network Managers do when this question is asked. Typically if it > is asked in an immediate time frame, we scramble and send someone over to > the location and by the time we get there, everything is working just > fine. Even for the person originally reporting the problem. I know the > typical answers to these situations. > > But I've been wondering if there is some way to keep data about > performance on a wide scale (and here's the hard part) without breaking > the bank for storage or processing (or software). Is there anything that > approaches what I am looking for? (and I'm sorry I can only describe it > in such hand-wavy terms) > > I have heard about NetFlow but am not familiar with it. I plan to > investigate it though. I was wondering if there was anything else capable > of doing something that approximates what I've been asked to do? > (which seems pretty much impossible to me right now) -- Nick Kartsioukas Cuesta College Computer Services 805-546-3248 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
On Fri, Oct 05, 2012 at 01:49:08PM -0700, Nick Kartsioukas wrote: > What kind of performance are you looking to keep track of? If you want > in/out statistics on switchports, check out Cacti. It's free > (speech/beer) SNMP monitoring software based on rrdtool and will show > you traffic in/out, and can be set up for errors in/out as well (good > for autonegotiation mismatch diagnosis). Obviously if you have a lot of > switches it'll take longer to set up, but once they're in there then > Cacti will just keep polling them and you can drill down into each > switch and check each or all ports on that device. I usually would > check the port the user was on as well as the switch's uplinks. Of > course the problem never was "the network", it turned out to be issues > with our Windows fileserver cluster, or Exchange bogging down for some > reason, etc. > Zabbix is also an option and can be used to track performance data using SNMP and other performance tests. The data backend is not rrdtool like Cacti but a full SQL database. It is extremely versatile. Cheers, Ken ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Message from mark.duling@biola.edu

On switchport stats, NeDi integrates with and complements Cacti.  It 1) automatically discovers and graphs your switch's interfaces, cpu, memory, and temp; 2) allows you to select which interfaces to tell Cacti to graph with one click.

In this way you have a layered approach where NeDi graphs all interfaces automatically as soon as a switch is discovered at low polling intervals 30-60 minutes (depending on your network size/discovery interval), and for the important interfaces you can simply check a box in NeDi's list to have that interface graphed in Cacti at high polling intervals (typically 5-minutes).  You may also put the Cacti graphs on a weathermap to display your performance graphs in geographical or logical maps to have at-a-glance views of what parts of your network are exceeding rate thresholds.


I will agree with the idea to use open source software like Cacti to graph interface usage across your network.  This will require standard server hardware (or a virtual machine) and some Linux experience.
http://www.cacti.net/
 
I also recommend collecting netflow from your routers using NFdump.  This includes a web-interface called NFSEN that can graph this flow data, and also allow you to run queries on this data.
 
Cheers!
 
Tristan
 
--
Tristan Rhodes
Network Engineer
Weber State University
(801) 626-8549


>>> On 10/5/2012 at 2:49 PM, in message <1349470148.24671.140661137032485.4A7F3D95@webmail.messagingengine.com>, Nick Kartsioukas <lists.educause.netman@CHANGE.NIGHTWIND.NET> wrote:
What kind of performance are you looking to keep track of?  If you want
in/out statistics on switchports, check out Cacti.  It's free
(speech/beer) SNMP monitoring software based on rrdtool and will show
you traffic in/out, and can be set up for errors in/out as well (good
for autonegotiation mismatch diagnosis).  Obviously if you have a lot of
switches it'll take longer to set up, but once they're in there then
Cacti will just keep polling them and you can drill down into each
switch and check each or all ports on that device.  I usually would
check the port the user was on as well as the switch's uplinks.  Of
course the problem never was "the network", it turned out to be issues
with our Windows fileserver cluster, or Exchange bogging down for some
reason, etc.

On Fri, Oct 5, 2012, at 13:42, Chris Davis wrote:
> My boss asked me a question the other day, or more correctly expressed a
> desire to be able to do something pretty specific.  He's tired of being
> told in casual conversation or in meetings that network performance was
> (usually) bad at a specific time (now), or more likely at a specific time
> 2 days ago.  He, of course, asked me if there was any way we could
> determine this kind of issue across our whole network.
>
> Our network is probably small compared to some of the campuses I've seen
> but still pretty sizeable (couple hundred switches).  So I wondered what
> other Network Managers do when this question is asked.  Typically if it
> is asked in an immediate time frame, we scramble and send someone over to
> the location and by the time we get there, everything is working just
> fine.  Even for the person originally reporting the problem.  I know the
> typical answers to these situations.
>
> But I've been wondering if there is some way to keep data about
> performance on a wide scale (and here's the hard part) without breaking
> the bank for storage or processing (or software).  Is there anything that
> approaches what I am looking for?  (and I'm sorry I can only describe it
> in such hand-wavy terms)
>
> I have heard about NetFlow but am not familiar with it.   I plan to
> investigate it though. I was wondering if there was anything else capable
> of doing something that approximates what I've  been asked to do? 
> (which seems pretty much impossible to me right now)
--
Nick Kartsioukas
Cuesta College Computer Services
805-546-3248

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

We use PRTG Network Monitor and are very happy with it. It is on par with Orion and you can’t beat the price (they have educational pricing). It doesn’t need a lot of resources. We have it running on an Optiplex 790 with no issues. Feel free to contact me off list.

 

Tim

 

 

Tim Cappalli, ACMP CCNA | (802) 626-6456

Office of Information Technology (OIT) | Lyndon

» cappalli@lyndonstate.edu | oit.lyndonstate.edu

 

 

Sent from Windows 8 and Outlook 2013

 

We are using Statseeker, it's able to ping 130000 objects (interfaces) 4 times a min and track 300,000+ snmp objects every 5 min. This creates a permanent history of availability, RRT, utilization, errors, temperature, cpu and retransmits. There is aggregation, but unlike Cacti, MRTG and other RRDtool front ends there is no roll up/off of data. So if you want to see the peak data from a month ago or a year ago, the data is there.

It's not configurable like Cacti/RRDtool. You get what they give you re SNMP mibs, but in reality most stuff is in there like Cisco, Juniper, Foundry, Lucent, Extreme, 3Com, Unix, Solaris, Windows, etc...

In our case Statseeker claimed to track and alert of  everything on our network. Tracking for sure, not so much alerting. Alerting on availability (pingable) yes, alerting on SNMP objects turned out to be more like 20 - 30 k. This is enough in our case, but the man months of troubleshooting to be a rocky start.

Priced at $20k is cheap compared to most enterprise NMS systems but not the free of Nedi and Cacti. 

Statseeker does not run on VM requiring Raid zero, super fast access to their proprietary flat file data base. We've got a 16GB Ram, Quad, 1 TB RAID engine pushing this baby.

 
|Bruce Boardman, Network Engineer, Syracuse University -  315 889-1667
I also use Cacti.  I have also seen Cacti running in VERY large networks environments with thousands of notes and tens of thousands of ports.  

Good morning - Trending: Cacti Up/down monitoring, alerting: Ipswitch What's Up Netflow: Scrutinizer Working pretty well for us. But I am considering a "cleaner" option, such as prtg or statseeker. - Pete Hoffswell - Network Manager pete.hoffswell@davenport.edu http://www.davenport.edu 616-732-1101
We still use good ol' MRTG for trending of bandwidth, environment temperature / humidity, CPU and Memory load, email traffic throughput and other data.  If we can find a MIB / OID we monitor it!

We also run an older but free version of ManageEngine's Netflow analyzer, and use a program called IPSentry for up/down monitoring of devices and services.

This has worked very well for us over the years and was designed on a shoestring budget.  If I were to build something today, I'd want a budget and find a single holistic tool to do it all, if possible.  I'd probably start by looking at ZenOss or similar tools.


On 10/8/2012 10:19 AM, Pete Hoffswell wrote:
Good morning - Trending: Cacti Up/down monitoring, alerting: Ipswitch What's Up Netflow: Scrutinizer Working pretty well for us. But I am considering a "cleaner" option, such as prtg or statseeker. - Pete Hoffswell - Network Manager pete.hoffswell@davenport.edu http://www.davenport.edu 616-732-1101
A second for Statseeker. Simple interface - straightforward and easy to use. Different user rightst means you can give rights  to superiors without the fear of messing anything up. Stats by interface - and historical data for trending, etc. for as long as you have space to store it (years).

Dan Mahar
Network Manager
Information Technology Services

Peschel Computing Center off  (518) 388-8050
807 Union St. Fax (518) 388-6458
Schenectady, NY 12308 mahard@union.edu





We use a product that we have been very happy with.  It is Intermapper from Dartware.  It allows you to make maps very easily and tracks the links in between the equipment with lines that change color depending upon the thresholds you set for bandwidth averages.  It makes a good monitor that way.  You can have an overall map that will give color changes to objects (like a site) when an alarm goes off.  You can then drill down to another map of the site that gives you the detail.  You can set graphs to track virtually anything you want with relative ease.

 

If we were not using that and went with opensource I would probably do Cacti or Zenoss.

 

You might want to check out Netdisco as well. www.netdisco.org  It is a tool we rely upon heavily.  It pulls the mac and arp tables and with dns lookups allows you to tell how long any given machine has been on a given port and if it moves, what switch and port it moves to.  If you have filled the descriptions in on your ports this thing can be a real lifesaver.  It does take some Linux skills but well worth the effort.  The easiest install is by doing a Fedora/CentOS/Redhat implementation and using the EPEL.

 

Will McCullen

Information Security Officer (Acting)

Pima Community College

520-206-4873

 

Close
Close


Annual Conference
September 29–October 2
Register Now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.