A subject that I get asked about a lot is how to monitor and measure network traffic. There are many different ways to look at network traffic and link performance and several different schools of thought on which measures hold the most value.

In discussing this subject, let's first limit the conversation to WAN link analysis which is usually where people start to see issues with bandwidth utilization and latency. This isn't to say that you can't see these issues on the LAN - just the other day I was talking to an engineer that is daily fighting these issues on his LAN where the amount of data, voice, and video traffic is overwhelming even 10 gbps links in cases. Nevertheless, much more commonly the issue is on the WAN so let's talk about that first.

The first thing to understand about WAN links is that they're pretty much all full duplex. This basically means that they can both send and receive traffic simultaneously. You might compare a full duplex link to a typical highway bridge and then contrast that with a half duplex link which is more like one of those old time wooden bridges that is only wide enough for one car. This is important because you now have to analyze the traffic in each direction, almost as if they were two separate links. I do see a few cases where you may need to understand the aggregate in/out traffic on a link, but those cases are usually limited to situations where you either a) are getting billed for the total amount of traffic in/out of a location by your service provider or b) you're concerned about the total amount of traffic going through a device. "b" is only typically a concern if you're sending an extremely high amount of some very specific traffic types and you'll probably be working directly with your hardware vendor if you suspect that this is the issue.

So, let's assume that we're analyzing the network traffic in each direction separately. Next, you need to understand that each network interface is unique - meaning that you have to evaluate each hop separately along the traffic path. Case in point - we get asked sometimes for "network wide" bandwidth utilization reports or for reports that aggregate these statistics for all of the links along a specific path. As an engineer, I can't think of a case where I've actually used this data other than to satisfy the curiosity of some executive that didn't really understand network traffic anyway and was basically trying to figure out if they were spending too much on bandwidth or not. So in a nutshell, you need to analyze each LAN link or network interface separately and you need to analyze the traffic going in each direction separately. Effectively, for every link between two devices you now have 4 different places to look for issues. Trust me, it's much more complicated to try to troubleshoot an application performance issue over the network without this knowledge - even though at first it may seem complicated.

The next thing that's really important as it relates to analyzing network traffic and performance is understanding the difference between bandwidth and latency. To go back to our highway example, imagine that the bandwidth is the number of lanes that have going in each direction. If you have the same number of lanes going to and from the destination then you could say that your bandwidth is symmetrical. However, many times, for instance if you have a broadband connection at home, there will be only say 2 lanes heading away from your house and 10 lanes heading towards it. In this case you would consider the link to be asymmetrical.

Latency quite simply is the amount of time that takes to drive to the other end of the highway and back. This is usually described as Round Trip Latency (RTL) or Round Trip Time (RTT). In some cases you'll see the latency measurement broken out for each direction, but not commonly.

Anyhow, that's a very quick summary of some things that you need to know in order to get started with understanding how to measure your network traffic. I'll stop here otherwise nobody will read this far   If you're interested in hearing more on this subject or if you're interested in understanding how to more deeply analyze a specific type of network traffic or network topology, please let me know.

Flame on...

Now to Pay the Bills...
For those of you that have Orion, you'll see that when you look at the Interface Details page for a managed interface you see not only the average bandwidth utilization in each direction (receive and transmit) but you'll also see  high and low water markers. This is really important, because you need to understand how often and for how long your network traffic spikes to the maximum allowable level. Additionally, if you have the VoIP module, you can view latency as it is measured from the remote router to the device on the other end of its WAN connections. This is pretty cool, especially if you put it on the same page with the other interface details and statistics and can really make it quick and easy to diagnose network performance issues. If you don't have Orion, you can still check it out on our online demo server at: