Table of Contents
- What is Cisco Network Monitoring?
- Best Practice No. 1: Understanding FCAPS
- Best Practice No. 2: Choosing the right metrics
- Best Practice No. 3: Configuring SNMP and syslog
- Best Practice No. 4: Using Cisco NetFlow
- Best Practice No. 5: Bolstering network security
- Best Practice No. 6: Planning for the future
- How MetricFire can help!
It's often said that your network is the "backbone" of your IT infrastructure, underlying every other part of your enterprise IT. If your Cisco network infrastructure goes down or is experiencing performance issues, it's crucial that you have a real-time solution to identify and resolve the problem as soon as possible.
But what does such a solution look like when it comes to Cisco networks? In this article, we'll discuss six best practices for Cisco network monitoring, network management, and troubleshooting, so that you're always getting the highest network performance possible.
What is Cisco Network Monitoring?
"Network monitoring" refers to a set of tools and practices that allow your network administrators to manage and oversee your enterprise network. By alerting you when things go wrong, network monitoring tools ensure that your routers and other network devices are functioning optimally and that you continue to offer an acceptable QoS (quality of service).
The reasons you need a strong, powerful network monitoring and management system in place include:
- Improving network connectivity and increasing bandwidth
- Strengthening network security through firewalls, SIEM, etc.
- Deploying applications and services faster
- Providing a top-notch experience for end-users
- Minimizing network downtime
Cisco network monitoring involves using monitoring and management tools to oversee your network traffic and properly configure your Cisco devices. Below, we'll discuss many Cisco network monitoring tips and tricks that are specific to Cisco systems.
Best Practice No. 1: Understanding FCAPS
When it comes to network management and monitoring—Cisco or otherwise—you need to have a solid understanding of your primary objectives. The FCAPS model offers a framework that outlines the most important requirements for network monitoring and management:
- Fault management: Identifying and correcting "faults" (i.e. errors or unexpected events), as well as identifying potential future issues.
- Configuration management: Storing and monitoring system configurations, simplifying and making changes if necessary, and anticipating future changes.
- Accounting: Monitoring network usage and billing individual users, teams, departments, and units appropriately; may be replaced with "administration" for networks that do not bill users.
- Performance management: Guaranteeing that network performance remains within acceptable levels by collecting data such as throughput and utilization.
- Security management: Restricting access to certain resources to the appropriate users and user groups.
Best Practice No. 2: Choosing the right metrics
When it comes to understanding the traffic flows in your Cisco network, not all data is created equal. By selecting the best performance monitoring metrics and key performance indicators (KPIs), you'll be able to identify hidden trends, make smarter predictions, and resolve anomalies and performance issues faster.
Metrics are raw data collected from sources such as hardware, sensors, and applications, usually on a periodic or regular basis. The categories of network performance metrics include:
- Host metrics about the performance of an individual computer (e.g. CPU, disk, and memory usage)
- Application metrics about the performance of an individual application (e.g. response time, error rate, request rate, failure rate)
- Network performance metrics (e.g. packet loss, availability, connectivity, throughput)
- Special events that are not triggered at regular intervals
Of course, deciding which metrics and KPIs to monitor and collect is just the first step. You also need to answer questions such as:
- What is the appropriate interval over which to examine the data? Certain performance issues can easily be concealed within the data if the time interval is too large, hiding them behind the noise. On the other hand, time intervals that are too small can cause strain on performance and occupy too much storage.
- How long should you store the data? For some metrics, storing data long-term is essential in order to have a baseline point of comparison, or to identify anomalies or trends such as seasonality. You should weigh the need to preserve this information against the need to free up storage for fresher collections of data.
MetricFire displays your metrics, KPIs, and network monitoring data in beautiful Grafana dashboards and visualizations. With a simple, intuitive user interface, MetricFire makes it easy for anyone to get real-time answers about their IT environment.
Get in touch with our team today for a free trial to see why thousands of engineers have chosen MetricFire for their application and infrastructure monitoring needs. You should book a demo and talk to the MetricFire team about how you can best set up your monitoring stack.
Best Practice No. 3: Configuring SNMP and syslog
Choosing the right metrics is a must-have for any network monitoring solution—but how do you actually collect the underlying information for these metrics?
SNMP (Simple Network Management Protocol) is an application-layer standard protocol for exchanging information between network managers and network agents. Cisco devices commonly use SNMP. For example, you can set up an alert called an "SNMP trap" to be sent from a remote network agent (e.g. a Cisco router or server) to a centralized SNMP manager.
To have your Cisco routers and switches exchange this information, enable and configure SNMP on your Cisco devices. Note that while SNMP is still widely used on Linux, Microsoft has deprecated SNMP for the Windows 10 operating system due to certain security risks. Windows users should switch from SNMP to the Common Information Model (CIM) instead.
In addition to SNMP, you can also use the syslog logging mechanism to capture data from Cisco network devices. Syslog messages contain information such as device status, warnings, errors, and events, and the syslog protocol carries this data from individual network devices to a centralized syslog server.
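As an added illustration (not code from MetricFire or Cisco), the Python below shows what a central syslog collector can do with Cisco IOS messages: it parses the %FACILITY-SEVERITY-MNEMONIC tag, cross-checks it against the syslog PRI header, and keeps the events that deserve attention. The sample lines, function names and watch list are assumptions constructed for this example.

```python
import re

# Cisco IOS tags each message as %FACILITY-SEVERITY-MNEMONIC: text
CISCO_MSG = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?.*?"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<text>.*)$"
)
SEVERITY_NAMES = ["emergencies", "alerts", "critical", "errors",
                  "warnings", "notifications", "informational", "debugging"]

# Constructed sample lines (documentation addresses, not real device output)
SAMPLE_LINES = [
    "<187>101: *Mar  1 10:15:02.100: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "<188>102: *Mar  1 10:15:40.512: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.50] [localport: 22]",
    "<189>103: *Mar  1 10:16:05.009: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.50)",
    "<189>104: *Mar  1 10:16:09.770: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up",
]

def parse_cisco_syslog(line):
    """Return a dict for one line, or None if it carries no Cisco message tag."""
    m = CISCO_MSG.match(line.strip())
    if m is None:
        return None
    severity = int(m.group("severity"))
    event = {
        "tag": f"{m.group('facility')}-{severity}-{m.group('mnemonic')}",
        "facility": m.group("facility"),
        "severity": severity,
        "severity_name": SEVERITY_NAMES[severity],
        "text": m.group("text"),
    }
    if m.group("pri") is not None:
        # Syslog PRI header = transport facility * 8 + severity; both should agree
        event["syslog_facility"], pri_severity = divmod(int(m.group("pri")), 8)
        event["pri_mismatch"] = pri_severity != severity
    return event

def needs_attention(events, max_severity=4, watch=("SYS-5-CONFIG_I",)):
    """Keep events at or above 'warnings', plus watched tags such as config changes."""
    return [e for e in events
            if e and (e["severity"] <= max_severity or e["tag"] in watch)]

if __name__ == "__main__":
    for e in needs_attention(parse_cisco_syslog(l) for l in SAMPLE_LINES):
        print(e["severity_name"], e["tag"], e["text"])
```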
Best Practice No. 4: Using Cisco NetFlow
Cisco NetFlow is one of the most valuable tools in your arsenal for monitoring your Cisco network. NetFlow is a Cisco network monitoring tool that assembles information on network traffic and monitors your network flow. The data collected by NetFlow includes:
- Source and destination IP addresses
- Input and output interface numbers
- TCP/UDP source and destination ports
- Number of bytes and packets in the flow
NetFlow is available for Cisco IOS routers; Cisco recommends that "NetFlow should be deployed on edge/aggregation router interfaces for service providers, or WAN access router interfaces for enterprise customers." When designing your NetFlow data collection strategy, take into account your network topology and routing policy—for example, to avoid collecting duplicate flows.
Best Practice No. 5: Bolstering network security
No matter who you are or what your Cisco network looks like, improving network security is a crucial best practice. Users should already practice the basics of good network security hygiene—for example, by using a VPN (virtual private network), which offers secure remote access to the corporate network.
In particular, Cisco ASA (Adaptive Security Appliance) is a family of network security devices that has been purpose-built for corporate networks and data centers. Cisco ASA acts as a force multiplier: It combines the functionality of many network security techniques, including antivirus, antispam, firewall, intrusion detection/intrusion prevention, and VPN.
For Cisco routers, the "AAA" network security best practices are:
- Authentication: Identifying users before providing access to a router or switch, e.g. through logins/passwords or through challenge-response mechanisms.
- Authorization: Determining what a given user is or is not allowed to do within the network. Cisco routers have three default authorization command levels: level 0 for basic commands, level 1 for user-level commands, and level 15 for enable-level commands.
- Accounting: Collecting and sharing data used in security audits and reporting, e.g. usernames, executed commands, and task start and stop times.
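One way to check a device against the three AAA points above is to audit its configuration text. The Python below is an added example (not MetricFire or Cisco code) that reports which AAA method lists are absent and which local accounts sit at privilege level 15. The sample configuration is constructed, and the list of checks is an assumption about what a site policy might require.

```python
import re

# Constructed sample running-config excerpt (not taken from a real device)
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
username netops privilege 15 secret 9 <hash-placeholder>
username readonly privilege 1 secret 9 <hash-placeholder>
"""

# Assumed policy: each label must be satisfied by at least one config line
CHECKS = {
    "AAA enabled": r"^aaa new-model$",
    "authentication: login method list": r"^aaa authentication login \S+ ",
    "authorization: exec sessions": r"^aaa authorization exec \S+ ",
    "authorization: level-15 commands": r"^aaa authorization commands 15 \S+ ",
    "accounting: exec sessions": r"^aaa accounting exec \S+ ",
    "accounting: level-15 commands": r"^aaa accounting commands 15 \S+ ",
}

def audit_aaa(config):
    """Return missing AAA checks and local users defined at enable level (15)."""
    lines = [line.strip() for line in config.splitlines()]
    missing = [name for name, pattern in CHECKS.items()
               if not any(re.search(pattern, line) for line in lines)]
    admins = [m.group(1) for line in lines
              if (m := re.match(r"username (\S+) privilege 15\b", line))]
    return {"missing": missing, "local_privilege_15_users": admins}

if __name__ == "__main__":
    report = audit_aaa(SAMPLE_CONFIG)
    for name in report["missing"]:
        print("MISSING:", name)
    print("Local level-15 users:", ", ".join(report["local_privilege_15_users"]))
```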
Best Practice No. 6: Planning for the future
Regardless of how you've configured your Cisco network monitoring setup, it's impossible to predict how the field of network management, monitoring, and troubleshooting will evolve in the short and long terms. As your IT environment changes, your chosen network monitoring tools and practices need to advance alongside it.
Over the past decade, for example, network technologies have gone from 40G to 100G Ethernet, with speeds of 200G, 400G, and even 800G Ethernet on the horizon. As physical network speeds increase, organizations need to adjust their use of packet analysis and monitoring tools to ensure that they can keep up with this faster pace.
In general, today's data centers are seeing faster deployment of new applications and services, making it imperative to keep up with this quickened rate. The growth of cloud services, in particular, requires network management and monitoring tools that can straddle the cloud/on-premises divide.
How MetricFire can help!
In this article, we've gone over some of the most important best practices for Cisco network monitoring, including SNMP, NetFlow, and Cisco ASA—but how can you actually put this advice into practice?
MetricFire is a powerful, robust infrastructure and application monitoring solution in the cloud. With MetricFire, it's easy to see the monitoring KPIs and metrics you need in beautiful dashboards and visualizations from within a single pane of glass. The reasons to use MetricFire include:
- Affordable pricing: MetricFire pricing is very reasonable, stacking up favorably against our competitors: for example, MetricFire costs half as much as Datadog and significantly less than Amazon CloudWatch.
- Open-source core: MetricFire is built on top of open-source network monitoring tools like Graphite, Prometheus, and Grafana. We charge only for the services we provide and not for the software itself—you keep all your data and migrations in and out are easy, so there's no risk of vendor lock-in.
- Top-notch customer support: MetricFire offers excellent customer support options that can be tailored to organizations of any size or industry, from tiny startups to massive enterprises. When you need assistance with the MetricFire platform, we offer first-class technical support from an on-call team of expert developers and engineers. According to Shahar Kobrinsky, VP of Architecture and Scale at Eyeview: "Every time I have a question, I get an answer from support after just a couple of hours. Their technical knowledge is excellent."
- On-premises alternative: For reasons of data security or regulatory compliance, many organizations still choose to maintain their network monitoring functionality on-premises rather than in the cloud. MetricFire meets you where you are by offering both on-premises and cloud-based solutions.
Ready to see how the MetricFire monitoring tool can benefit your organization by implementing best practices for performance monitoring? See how MetricFire can help by checking out a demo of our solution.
Schedule a meeting with our team today for a chat about your business needs and objectives, and to start your no-risk free trial of the MetricFire platform.