Whether you’re in charge of your first network or your
100th, there are certain things you should know about the network you work on every
day. And while you may feel confident in your administration skills and
experience, it never hurts to step back and take stock.

Therefore, I’ve compiled a list of five things every
administrator needs to know about his or her network. This can come in handy
when it comes time to document your network or train a newly hired
administrator.

Keep in mind that this isn’t a wish list of options. If
you’re responsible for your organization’s network, you’d better know these
things—or else.

What is your network baseline?

Network administrators use a baseline (or benchmark) as the basis
for future measurement of a network. So when you start having trouble with your
network and check out some network statistics, you can use the baseline to know
what’s normal and what’s not.

If you have a small network, you could create a baseline by
periodically capturing the output of a number of commands for every router and
switch. However, while this may work for a very small network, it’s not a
feasible approach for a network made up of more than a few devices.

To develop a baseline for a midsize network, you could use a
tool such as PRTG, MRTG, or another network analysis tool. You could
also use something like Cisco’s Security Device Manager (SDM) and
take some screen captures.

Whichever method you decide on, the important thing is that
you know what your network normally looks like and can determine what’s
abnormal for your network. For example, do you know the average kilobits-per-second
utilization on your main router’s WAN port? Is 5-MB utilization at 10 A.M. on a
Monday normal for that port?

If you can’t answer these questions, then you don’t have a baseline—and
you’re not keeping an eye on your network as much as you should. While you
don’t have to memorize pages of statistics, you do need some sort of way to be
able to compare present and past performance.
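
As an added illustration (not part of the original column), the following Python sketch turns periodic interface octet-counter polls into a per-weekday, per-hour baseline and checks whether a new reading is normal for that time slot. The 32-bit counter, the 5-minute poll interval, the thresholds, and all sample values are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

COUNTER32_MAX = 2**32  # a 32-bit octet counter (e.g. SNMP ifInOctets) wraps here

def kbps_between(prev, curr):
    """Average kbps between two (datetime, octet_counter) polls, wrap-aware."""
    (t0, c0), (t1, c1) = prev, curr
    seconds = (t1 - t0).total_seconds()
    if seconds <= 0:
        raise ValueError("polls must be in increasing time order")
    delta = c1 - c0
    if delta < 0:  # counter wrapped once between the two polls
        delta += COUNTER32_MAX
    return delta * 8 / 1000 / seconds

def build_baseline(polls, max_gap=timedelta(minutes=10)):
    """Return {(weekday, hour): (mean_kbps, stdev_kbps)} keyed by interval start."""
    slots = defaultdict(list)
    for prev, curr in zip(polls, polls[1:]):
        if curr[0] - prev[0] > max_gap:
            continue  # missed polls: the average over a long gap hides peaks
        slots[(prev[0].weekday(), prev[0].hour)].append(kbps_between(prev, curr))
    return {slot: (mean(v), pstdev(v)) for slot, v in slots.items()}

def is_abnormal(baseline, when, kbps, sigmas=3.0, floor_kbps=50.0):
    """Flag a reading outside mean +/- max(sigmas*stdev, floor) for its slot."""
    slot = (when.weekday(), when.hour)
    if slot not in baseline:
        return True  # no history for this slot, so "normal" is unknown
    avg, sd = baseline[slot]
    return abs(kbps - avg) > max(sigmas * sd, floor_kbps)

def constructed_polls():
    """Constructed data: four Mondays, 5-minute polls 10:00-11:00, ~800 kbps."""
    polls, counter = [], 4_294_000_000  # starts just below the wrap point
    for week in range(4):
        start = datetime(2024, 1, 1, 10, 0) + timedelta(weeks=week)  # Mondays
        for i in range(13):
            polls.append((start + timedelta(minutes=5 * i), counter))
            counter = (counter + 30_000_000 + 500_000 * (i % 3)) % COUNTER32_MAX
    return polls

if __name__ == "__main__":
    baseline = build_baseline(constructed_polls())
    monday_10am = datetime(2024, 1, 29, 10, 15)
    print(baseline[(0, 10)])
    print(is_abnormal(baseline, monday_10am, 820.0))   # close to the usual load
    print(is_abnormal(baseline, monday_10am, 5000.0))  # far above the usual load
```

A time slot with no history is reported as abnormal on purpose: without past data for that hour, there is nothing to compare against.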

Where are the network bottlenecks?

Do you know where the bottlenecks are on your network? If
you transferred a 1-GB file from your headquarters to a satellite site in
Timbuktu, which path would that traffic take? Could you transfer it during the day
without impacting network performance?

That’s why you need a network diagram.
A network diagram should tell you where the bottlenecks are. If you don’t currently
have a network diagram, it’s time to create one. You can do so using a tool such
as Visio.

Don’t make the mistake of considering this an optional
resource—it’s necessary for resolving network problems in a timely manner. Make
sure you develop the tools you need now, before you need them.

Which type of traffic is critical?

It’s vital that you know your traffic. For example, if you allow Web
browsing and voice over IP (VoIP) traffic on the same link without any
quality of service (QoS) requirements, you’ll undoubtedly encounter VoIP
performance issues. If you’re sending large print jobs over a 128-K WAN
link with Citrix traffic, you can expect to receive complaints from the
Citrix users.

Once you know your traffic, you can better plan changes,
implement changes, and understand performance bottlenecks. More important, you
must find ways to control your
traffic. You can accomplish this using either Cisco QoS or appliances such as Packeteer.

How can you effectively plan, implement, and debrief network changes?

When it comes to making network changes, don’t get into
trouble because of short-term thinking, lack of preparation, or just plain
recklessness. As the old saying goes, “Plan your work, and work your plan.”

Here are some best practices for rolling out network
changes:

  • Never make changes on a production network during the day. Instead,
    schedule changes for after-hours.
  • Set up a test environment, and test your changes before implementing
    them.
  • Save configuration files before making changes.
  • Review changes with other knowledgeable network staff.

After you’ve rolled out changes, hold a post-mortem meeting
to review the changes, the process, and what you could have done differently.
Then, develop a plan for creating new networking documentation and a new
network baseline.

Is your network secure?

Finally, you need to know if your network is truly secure. While
you can think it’s secure, the only way to really know for sure is to
test it—conduct a penetration test.

I recommend contracting with an experienced consulting firm
as well as performing your own internal test. Don’t underestimate the knowledge
and experience a trained professional has to offer.

How does your list of what every Cisco administrator should
know differ from this one? What would you add or delete? Post your thoughts in
this article’s discussion.

David Davis has worked
in the IT industry for 12 years and holds several certifications, including
CCIE, MCSE+I, CISSP, CCNA, CCDA, and CCNP. He currently manages a group of
systems/network administrators for a privately owned retail company and
performs networking/systems consulting on a part-time basis.