mag72

Active Network Monitoring – Definition and Measurements Systems

active network monitoring

Marc Wilson

Active Network Monitoring is a practice performed by network engineers to test networks by inserting test traffic and tracking its path towards a destination. It does this by sending ICMP packets to collect measurements between two endpoints or more in a network.

Below are some of the metrics that Active Measurement systems have to deal with:

  • Packet Delay
  • Packet Loss
  • Packet Reordering
  • Availability
  • Routes
  • Packet Inter-arrival Jitter
  • Bandwidth Measurements (Capacity, Achievable Through-puts)

Widely used tools such as PING, which is used to measure packet loss and packet delays, and traceroute which can help determine the topology of the network, are some common examples of essential active measurement tools.

diagram

Both of these simple tools transmit using ICMP packets, or probes to a designated host and wait for the host to respond to the sender.

For instance, in the diagram shown above a ping command uses active measurements by sending an Echo Request from the source host through the network to a stated destination. An Echo Response is then transmitted back by the destination to the source from where it received the request.

Not only an individual would be able to collect the metrics mentioned above from these active measurements, but it also enables you to determine the network topology.

Other Active Measurement tools?

Another widely used example of an active measurement tool is iperf.

This tool helps you calculate TCP and UDP bandwidth performance.

It also reports bandwidth, loss, and delay jitter.

Below is a screenshot of iperf tool command listening to the client/host 10.0.0.106 with intervals of 1 second.

iperf

The problem that you may come across with active monitoring is that introducing probes into the network may cause interference on the regular traffic running on the network. Most of the times, these probes can be treated differently than regular traffic, which leaves a question mark on the authenticity of the information provided by these probes.

As a result, active monitoring is rarely employed as a stand-alone method for professional monitoring as a good deal of overhead is introduced into the network.

Challenges to Conventional Active Monitoring Approaches

Conventional active monitoring methods that rely entirely on ping and traceroute may face the following challenges. Some of these challenges include the inadequacies of traceroute:

traceroute

  • Many firewalls block ICMP packets:
    The conventional traceroute methods that rely on these type of packets, are often unreliable. When it comes to accuracy, TCP-based traceroute monitoring is a preferred method over the traditional ICMP-based traceroute.
  • Traceroute relies on multiple ICMP packets to discover a given path to a Destination:
    It can lead to a confused load balancer, which can further end up distorting the identified routes. In some cases, load balancing can change in the middle of the inferred path.
  • Muted interfaces vs. Packet loss:
    While using traceroute, it ‘won't be easy to differentiate between muted interfaces and real packet loss. Muted interfaces never reply to the “ICMP Time Exceeded” message that notifies a host when a packet has been discarded because it is “out of time.” So, it is impossible to identify whether the packet loss occurred on the way to the interface or the response from the interface is lost.
  • There is Never one Route:
    Traceroute ‘won't be able to determine a complete end-to-end path between the nodes. In a network, most of the source-to-destination pairs have more than one route, and it will take you to transmit several probes to identify the alternative routes from a source to its destination.
  • Inaccurate Traceroute Measuring:
    MPLS can affect per-hop delays due to strange behavior adapted by some of the MPLS tunnels. It means, traceroute gives you incredibly faster per-hop delays that is inaccurate and impossible to certify.

 

Advanced Active Network Monitoring Characteristics

There are more state-of-the-art active monitoring that extends the capabilities of traditional ICMP passive tracert and ping. These capabitlites provide detailed information about the network path and metrics, and present comparison of this data with routing and application-layer data.

Some of the offered network metrics are:

For TCP Web Streams

When tracking web server traffic or HTTP flows, advanced active monitoring tools allow you to analyze the following network parameters for the client – web server traffic.

  • Packet loss
  • Round-trip Time (RTT)
  • Jitter
  • Maximum Transmission Unit (MTU)
  • Maximum Segment Size (MSS)
  • Bandwidth Availability

For RTP Voice Streams

Real-time voice flows can also be analyzed by an advanced active monitoring tool. The following are the most important aspects that affect voice communication.

  • Mean Opinion Score (MOS)
  • Packet loss
  • Latency
  • Discards
  • Packet delay variation
  • Received Differentiated Services Code Point (DSCP)

For Path Traces

Path traces are typically used to monitoring and debug a network. An advanced active monitoring tool is capable of tracking a network thorough these traces.

  • Forwarding loss
  • Interface Maximum Transmission Unit¬† (MTU)
  • Terminal hops
  • Link latency
  • MPLS tunnels/labels
  • QoS (DSCP)

Summary

The idea of an advanced active network monitoring tool or application is that it must be capable of making sure that the probes or ICMP packets are almost identical from any traffic running on the network.

But at the same time, it must be able to generate the same metrics as discussed above, such as packet loss, latency, MTU, DSCP, Jitter, MSS, and so on. Another key idea of active monitoring is that the probes do not need instrumentation at the servers only at the client.