Network monitoring has been in the doldrums for decades. The best protocols for network visibility that our industry has produced are SNMP, ping, and syslog. We use SNMP for metrics and ping to test availability, and syslog is an entire data source for device information. All of these have limitations.
However, over the last few years, software defined networking has seen new ways of getting information from our devices, and new tools and techniques are emerging to help network operators get better data and make more sense out of it.
Today we have a couple of folks to talk about the state of network monitoring and analytics. We’ll discuss why things like SNMP aren’t enough, how analytics and telemetry differ from traditional monitoring, what data sources are available, and how we can put that data to good use.
A. Define Analytics & Telemetry Compared To Network Monitoring
- I’ve got SNMP, why isn’t that enough?
- Flexible data sources
- What kind of data? Routing? Counters? Control-plane ‘deep’ counters like Q depth? Detailed config data (like LACP hash params+functions)?
- How often? Streaming or pull? What about streaming?
- Self-defined data formats
- Network-centric or application-centric instead of device-centric or “hop by hop” performance
B. Implementation Factors
- Other data sources?
- Streaming bus?
- REST APIs
C. Data Wrangling
- Data platforms – one or many?
- Streaming data buses to feed multiple tools?
- How to interoperate?
- How to use for multiple purposes (BI, ops, security, performance)?
D. Use Cases
- Debugging/root cause? How to use the data for that?
- Alerting and prediction over the data?
E. Visualization & Presentation
- Viable UI design
- UX flow and presentation
- Business – linking performance to dollars, reducing asset values
PQ Show 46 – Saisei & Network Performance Enforcement – Packet Pushers
PQ Show 71: Kentik & Real-Time Network Visibility (Sponsored) – Packet Pushers
What is Juniper-Grafana? – GitHub