What is the best way to monitor taffic across a Campus?

Unanswered Question
Nov 25th, 2008

I am trying to find the best way/ways to monitor traffic across a campus network. The two solutions I have thought of are using Netflow or ERSPAN. However, neither are supported by the devices in this network. Here is a quick overview of the network...

Core Switches (3750 Stacks) using Layer 3

|

Distribution Switches (3750 & 3650s) using L3 towards Core and L2 towards Access

|

Access Switches (Mostly 3500s) using L2

What are the best options for monitoring traffic on this type of network? All links between switches are Gig, so we have plenty of bandwidth. I would really like to be able to setup snort/ntop or something similar.

Are there any solutions available that I could use RSPAN and a monitoring computer at the Access Switches and have them report back to a central monitoring machine? I would prefer a centralized solution.

Thanks,

Garrett

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
srue Tue, 11/25/2008 - 10:49

what exactly are you trying to monitor?

ALL traffic? outbound (internet bound) traffic? top talkers? top protocols? server traffic only? end user traffic? etc etc

mcpasdgarrett Tue, 11/25/2008 - 12:26

Ideally I would like to be able to monitor all traffic. I do understand that this could be an extremely large load on the network. At a minimum it would be nice to be able to monitor specific ports at any given time. For example... if I would like to monitor a specific port to troubleshoot network connectivity issues how could I go about doing this remotely? Also, I would like to have some sort of NIDS, which I would think would need all traffic to calculate abnormalities.

My office is in the same building as the core. From there I would like to be able to monitor traffic at any building on any port.

Thanks,

Garrett

sachinraja Tue, 11/25/2008 - 13:20

Hello Garrett

Each monitoring software has its own limitations/specifications..

If you want to monitor traffic/protocols running on ur network, on a constant basis, you will have to use Netflow.. You can use a simple netflow collector, and collect reports, and analyze the application traffic on your LAN/WAN.. Not sure if this will help too much in troubleshooting, since this will be more used for trending your applications. You can probably discover new applications, which arent used much on your network, using this..

But for real troubleshooting, you will need something like a syslog server.. u can configure logging levels and push important errors/updates from the cisco gear to this box. In case your box goes down, or has issues, system log messages will be dumped to this server and will be a very useful device for troubleshooting... eg, kiwi cat, solarwinds, 3cdaemon, and lots of other freewares...

I would ideally have both these components on my network, for trending and troubleshooting..

apart from this, if you have other advance technology products, like wireless, application accelaration etc, there are other network management solutions available..

Hope this helps.. All the best.. rate replies if found useful

Raj

mcpasdgarrett Tue, 11/25/2008 - 18:45

Raj,

I would like to use Netflow, but the devices on this network don't support it. I am working with Catalyst 3750s, 3560s, 3550s and 3500s. I am currently using Zenoss for trending, logging and monitoring. It works fine on a high level, but doesn't give me a way to look closely into what is going on on the network. For example, from Zenoss I can see that a port has high utilization. If I want to see what traffic is causing the high utilization I need to go to the physical location. I am looking for a away to quickly view the traffic from anywhere on the network.

Thanks for your reply,

Garrett

Actions

This Discussion