Questions

Traffic monitor

+
0 Votes
Locked

Traffic monitor

I've just implemented a MPLS IP VPN CISCO WAN T1 3MB - 1.544 MB for our new DC and was wondering if there were any tried and true best solutions for WAN traffic montioring?
  • +
    0 Votes
    robo_dev

    If you're talking about really monitoring/troubleshooting at the physical layer, then you either need a T1 CSU/DSU that has built-in monitoring capabilities, or deploy a T1 Tap to allow monitoring to happen in another device. There's a ton of capability built into the Cisco gear, of course.

    In terms of true low-level analysis, using a T1 Tap and a Fluke Optiview box or a Network Instruments Observer box...those will tell you everything, period.

    http://www.networkinstruments.com/products/observer/wan.html
    http://www.flukenetworks.com/products

    Of course with Cisco products like the NAM module and the built-in features, you can probably do about 75% of what you need to do under normal circumstances.

    +
    0 Votes
    Spitfire_Sysop

    Instead of using some expensive T1 analyzer you could just monitor the traffic that comes out of the CISCO box. This way you are actually looking at what is coming and going from your network. Simple statistics can be gleaned from any IDS\IPS solution but if you want deep packet inspection I would recommend running an in-line wireshark.

    +
    0 Votes
    robo_dev

    The practical issue is that if you are looking at issues at layer 3, and it's a layer 1 problem, you then have to get to the layer 1 level, and if you don't have that capability in place, then it takes valuable time to set that up.

    The Cisco NAM (network analysis module) is essentially the same thing as a WireShark box on a card, except that you don't need to run cables, since the NAM is connected to the backplane of the switch or router, and you just mirror a port to it.

  • +
    0 Votes
    robo_dev

    If you're talking about really monitoring/troubleshooting at the physical layer, then you either need a T1 CSU/DSU that has built-in monitoring capabilities, or deploy a T1 Tap to allow monitoring to happen in another device. There's a ton of capability built into the Cisco gear, of course.

    In terms of true low-level analysis, using a T1 Tap and a Fluke Optiview box or a Network Instruments Observer box...those will tell you everything, period.

    http://www.networkinstruments.com/products/observer/wan.html
    http://www.flukenetworks.com/products

    Of course with Cisco products like the NAM module and the built-in features, you can probably do about 75% of what you need to do under normal circumstances.

    +
    0 Votes
    Spitfire_Sysop

    Instead of using some expensive T1 analyzer you could just monitor the traffic that comes out of the CISCO box. This way you are actually looking at what is coming and going from your network. Simple statistics can be gleaned from any IDS\IPS solution but if you want deep packet inspection I would recommend running an in-line wireshark.

    +
    0 Votes
    robo_dev

    The practical issue is that if you are looking at issues at layer 3, and it's a layer 1 problem, you then have to get to the layer 1 level, and if you don't have that capability in place, then it takes valuable time to set that up.

    The Cisco NAM (network analysis module) is essentially the same thing as a WireShark box on a card, except that you don't need to run cables, since the NAM is connected to the backplane of the switch or router, and you just mirror a port to it.