Occasionally I'll run across a customer who needs to quantify the traffic overhead associated with network management. Ten years ago we used to accomplish this using traffic stats from NMS interfaces, some assumptions, and some arithmetic. What we would do is take average daily traffic from the NMS and assume that all nodes impacted the traffic equally. From there we would calculate the impact on WAN connections using the number of nodes on the far side of the WAN. While this method probably does yield a good estimate of the traffic, these days the words "probably" and "estimate" are usually not sufficient.


Today, chances are that you already are measuring this traffic, you just need to know where to look. If you are using NetFlow Traffic Analyzer (NTA) finding the data is easy. NTA has features that allow you to define traffic types by an IP address (endpoint) or as a application (IP and ports). A simple way to view network management traffic from production traffic is to use the IP Address Group feature. This option is found in the NTA settings page.




Add a group with the IP addresses of your NPM and SAM servers, and then disable the default groups.


ADD IP  ADD grp.png


Now, on to the NetFlow -> IP Groups page.


netflow total ip mgmt traffic.png

This graph is showing the total amount of traffic from management servers network-wide. The question is how much of this traffic is going over any particular WAN link and how is that affecting the WAN? This part is easy. Just navigate on the IP address group page to the NetFlow Sources and drill down to the interface you are interested in.


NTA management traffic per IF.png

Here we can see that the total bandwidth for management traffic on this interface peaks out at about 0.4%. This interface is Ethernet  so your WAN connections will probably peak a bit higher than this. If you want to add you LEM, SAM, FSM, or other management traffic just add the IP address of those servers to the IP Address Group, and you are done.


The nice thing about this is that NTA keeps the IP address groups, so you never have to rebuild these views.


If you want to try this on your network but don't have NTA, try the 30 day evaluation and see what your overhead is.