Best Tool to Display WAN utilization by the Second

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View
What is the best tool that can capture data in a graphical format per
second.  I tried the tool from Crannog but it captures only WCCP data
and that is displayed every 10 minutes as a summary.


I have a WAN of 50 remote locations and I need to see the bandwidth
utilization from sites by the second during all times of the day
because I believe that I may be having 15 second increases in
bandwidth that is not being displayed in my regular network monitoring
software because it summarizes data by the minute or 5 minute
intervals.  I need a tool that I can keep running 24/7.

What are the best tools to see graphical WAN utilization by the
second?  Do I have to deploy a probe at every location to see this
data?


Re: Best Tool to Display WAN utilization by the Second
Quoted text here. Click to load it

mrtg or derrivative is good and free.

Someone once told me that rrdtool had hooks for SQL
which may be good for a lot of data. 50 though is not
I don't think that many. rrdtool is free too.

Look at cricket too.

Be aware that the cisco coutners may not update as
often as every second. Easy to check when you get
your graphs running.



Re: Best Tool to Display WAN utilization by the Second
Quoted text here. Click to load it



Orion network performance monitor by solarwinds is a great tool. I
know you can poll every 10 seconds, not sure about every second. Has a
lot of different graphs of utilizations, memory, errors, etc.


Re: Best Tool to Display WAN utilization by the Second
Quoted text here. Click to load it

And the Orion is really just an extension of the Engineer's edition.  You
can get a Solarwinds option much cheaper than the whole Orion solution.  If
I remember correctly, I think Solarwinds does poll at 1 sec if you wish.
I'm pretty sure they have a downloadable trial if you wish to check for
yourself.

However, you need to really consider what you are doing.  Keeping this
amount of data in a usable form will take a hoss of a server and possibly
tax your network in the process of gathering it.

Consider using netfow and/or NBAR.  One of these could potentially be a much
better solution for you.




Re: Best Tool to Display WAN utilization by the Second
Quoted text here. Click to load it
If
much

Netflow could be even worse. If you set it to a short flow timeout, you
could be getting comparable amounts of stats per flow rather than per
interface.

one of the Cisco white papers suggest as a rule of thumb of 1.5% of measured
traffic could be the bandwidth needed for the netflow stats on an Internet
style mix of flows.....
http://www.cisco.com/en/US/products/sw/netmgtsw/ps1964/products_implementation_design_guide09186a00800d6a11.html#wp1030077

 --
Regards

stephen_hope@xyzworld.com - replace xyz with ntl



Re: Best Tool to Display WAN utilization by the Second
Quoted text here. Click to load it
http://www.cisco.com/en/US/products/sw/netmgtsw/ps1964/products_implementation_design_guide09186a00800d6a11.html#wp1030077
Quoted text here. Click to load it

I completely disagree that Netflow would be worse.  I think it would provide
to have less management traffic and would be less processor intensive than
submitting an SNMP query every second.

You will find that not that many flows actually time out.  But, you can
tweak the settings if they do.

Really what solution is best for you depends on exactly what you are trying
to accomplish.  My understanding from your original post is to identify
times that you are getting high traffic flows.  Querying via SNMP every
second just seems like a really bad idea to me.  You will get much more data
than you think, if you believe that this would be less than Netflow.  Also,
it will be taxing on your processor.  Don't get me wrong, Netflow can
provide a lot of data as well and you'd still probably need a sizable server
for a lot of traffic.  But, all in all, I think it will be less data and
more usable.

Even if you can identify the exact time that your usage spikes with SNMP, it
still won't tell you anything about what the traffic is.  With Netflow, you
will see plenty of detail to give you this information.

I'll stand by my original opinion that Netflow is probably a better solution
for what you are trying to do, or at least what I am understanding that you
are trying to do.

Hope that helps,

Jim





Re: Best Tool to Display WAN utilization by the Second
Quoted text here. Click to load it
per
data
monitoring
a
You
wish.
possibly
Internet
http://www.cisco.com/en/US/products/sw/netmgtsw/ps1964/products_implementation_design_guide09186a00800d6a11.html#wp1030077
Quoted text here. Click to load it
provide

yes - but what you get with Netflow is "averaging" across each flow for the
time it lasts, or to the Netflow timeout.

So, aiming to get down to 1 sec granularity, or close to it, implies short
timeouts....

the data volume crucially depends on number of flow changes / sec, so is
very sensitive to traffic pattern changes.

1 of the disadvantages sometimes cited for Netflow is how it can behave when
you suddenly gets lots of flows (denial of service attacks were the main
example i was given - admittedly by someone pushing SMON as an alternative
:) ).

The easy fix is to send the flow info over a high speed link so you dont
care about volume so much - eg put a Netflow collector next to a big router
doing Netflow with a LAN between them.
Quoted text here. Click to load it
trying
data
Also,
server

definitely. And at least with Netflow you can buy a "package" solution with
s/w, server etc and just kick it off.
Quoted text here. Click to load it
it
you

Agreed.

And if all else fails, a Sniffer with a big circular buffer and a good
"trigger" to save it so you see a copy of the actual data is probably the
best solution of all.

But it doesnt scale easily, and you need to leave a PC or laptop connected
up to the actual network at the affected point to get useful results.

the original Sniffer s/w isnt cheap either - $1000s just to get the basic
stuff.
http://www.networkgeneral.com/Products_details.aspx?PrdId=20046243936754

other flavours start at free for wireshark and similar - but i havent tried
this kind of snapshot triggered monitoring with that.
http://www.wireshark.org /
Quoted text here. Click to load it
solution
you
--
Regards

stephen_hope@xyzworld.com - replace xyz with ntl



Site Timeline