Friday, July 10, 2009

Monitoring Bandwidth Part 2: Examining SNMP Traffic Data

Let’s start by discussing what we really want to know about bandwidth:

1. How much is moving across any given interface?
2. Is the interface maxed out?
3. Is the device or devices beyond this one slow (or down)?

SNMP MIB-II enabled devices provide the following key metrics, which will be used to derive answers to questions 1 and 2.

ifSpeed - The interface's current bandwidth in bits per second
ifInOctets - The total number of octets received on the interface
ifOutOctets - The total number of octets transmitted out on the interface
Source: RFC 1213

The octet metrics are simple counters that grow as traffic passes through an interface. By polling a device twice and using some “simple” math, we can determine the delta between the two polls, which is the amount of traffic that passed during the interval. Convert that octet count to bits (8 bits per octet) and divide by the elapsed time to get an average bits-per-second rate. Or you could simply use a tool like dopplerVUE that does the math for you (screenshot below).




* Important Tip - The size of a file and the speed at which an interface passes traffic are not measured the same way. Despite looking and sounding similar, each measurement is calculated differently, and confusing them is a common error. For example, network speeds are notated in bits per second, while files are normally referred to in bytes. There are 8 bits in a byte, and you also need to factor in that file notation grows in multiples of 1,024, not simple 1,000s.

Notation examples:
Network Speed
1 Kbps = 1,000 bits per second
1 Mbps = 1,000,000 bits per second
1 Gbps = 1,000,000,000 bits per second

Data file size
1 KB = 1,024 Bytes
1 MB = 1,024 KB
1 GB = 1,024 MB

Now that the amount of traffic is known you can compare this information to the ifSpeed metric to determine the percentage of the pipe that is full. You can figure out the math or let the tools do it for you (dopplerVUE screenshot below).
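The two-poll rate calculation and the ifSpeed comparison described above, as an added example (not code from the original post or from dopplerVUE). The Poll type, the function names and the sample counter values are constructed for illustration; it assumes the 32-bit MIB-II octet counters and at most one counter wrap between polls.

```python
from dataclasses import dataclass

COUNTER32_MOD = 2 ** 32  # MIB-II octet counters are 32-bit and wrap to 0

@dataclass
class Poll:
    timestamp: float   # seconds, taken from the poller's clock
    if_in_octets: int
    if_out_octets: int

def counter_delta(old: int, new: int) -> int:
    """Octets passed between two polls, tolerating a single counter wrap.
    A device reboot (counter reset) looks the same as a wrap and is not detected here."""
    return (new - old) % COUNTER32_MOD

def max_safe_interval(if_speed: int) -> float:
    """Longest polling interval (s) before a saturated link can wrap the counter."""
    return COUNTER32_MOD * 8 / if_speed

def bits_per_second(old: int, new: int, seconds: float) -> float:
    if seconds <= 0:
        raise ValueError("second poll must be later than the first")
    return counter_delta(old, new) * 8 / seconds  # 8 bits per octet

def utilization(first: Poll, second: Poll, if_speed: int) -> dict:
    """Average in/out rate and percentage of ifSpeed over the polling interval."""
    if if_speed <= 0:
        raise ValueError("ifSpeed must be positive to compute a percentage")
    seconds = second.timestamp - first.timestamp
    in_bps = bits_per_second(first.if_in_octets, second.if_in_octets, seconds)
    out_bps = bits_per_second(first.if_out_octets, second.if_out_octets, seconds)
    return {"in_bps": in_bps, "out_bps": out_bps,
            "in_pct": 100 * in_bps / if_speed,
            "out_pct": 100 * out_bps / if_speed}

# Constructed sample: a 100 Mbps interface polled 300 s apart.
# ifOutOctets wraps past 2**32 between the polls.
IF_SPEED = 100_000_000
FIRST = Poll(0.0, 1_000_000_000, 4_294_000_000)
SECOND = Poll(300.0, 2_500_000_000, 374_032_704)

if __name__ == "__main__":
    for name, value in utilization(FIRST, SECOND, IF_SPEED).items():
        print(f"{name}: {value:,.1f}")
    print(f"poll at least every {max_safe_interval(IF_SPEED):.0f} s")
```
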




To answer the final question, whether the traffic is causing a slowdown on the network, check the ping response time to the device and to the devices beyond it (if it is a router or switch).

There are many other items we can look at regarding traffic that indicate problems in the network. You can look for packet loss, discards and errors that are occurring (dopplerVUE screenshot below). We’ll explain why these issues occur and how to correct them in a different posting, but you should consider checking these metrics as well.
