Investigating network congestion

In almost any modern enterprise environment, identifying the who, what, where, when, and why behind congestion issues requires tools that go beyond inundating network teams with large volumes of raw data.

Through Plixer Scrutinizer, the Plixer One Platform (Core, Network, or Security) enables multiple approaches to dealing with network congestion issues:

  • Drill down into network device/host activity to identify root causes for congestion by applying one or more filters and pivoting between different Report Types.

  • Monitor network devices and/or interfaces for congestion in the Top Interfaces view.

  • See real-time rates and utilization between devices and other objects in Network Maps by adding Connections with custom color-coded thresholds.

  • Get high utilization alerts via the Plixer Scrutinizer Alarm Monitor by adding user-defined thresholds to Reports.

Overview

Teams can leverage the following Plixer Scrutinizer features/functions to proactively watch for network congestion, collect insights into the root cause(s), and respond efficiently.

Reports

Reports aggregate data from any number of user-specified devices and dimensions and can show sources of congestion and bandwidth consumption:

  • Identify “Top Talkers” on the network using Source and Destination Reports.

  • View peak and 95th percentile in Traffic Volume Reports.

  • Check for latency and packet loss with Plixer FlowPro APM Application Retransmission Reports.

  • Apply any number of filters for subnets, applications, usernames and then pivot directly to another Report Type to narrow down your results.

Report Thresholds

Custom Thresholds can be added to saved Reports to monitor for congestion and trigger Alarm Monitor alerts when those thresholds are reached. With a Report Threshold configured, the Report can be re-run to monitor for min/max bandwidth utilization and mitigate regression after congestion sources are identified.

Hint

If a Notification Profile is assigned to the Report Threshold Violation Alarm Policy, the threshold can be used to trigger notification actions, such as email alerts and CEF notifications for external tools.

Top Interfaces view

The Top Interfaces view (Explore > Exporters in the web interface) can be used to monitor all device interfaces, from the most saturated down to the least utilized. This allows network teams to identify which ones are most affected by congestion at a glance. The view can also be used to inspect highwater marks that indicate peak saturation over a period of time.

Hint

The Explore > Exporters page can be set to show either By Interfaces or By Exporters as the default in your user preferences menu.

Map Connections

After a Network Map is populated with devices and other objects, it can be further customized with Connections representing activity between devices, objects, and/or interfaces. Connections can also be individually configured with utilization thresholds that change the color they’re displayed in, giving teams a bird’s eye view of potential congestion issues in real time.

Hint

Click on devices or interfaces in a Network Map to quickly jump to the Top Interfaces view filtered on the object.

Workflows

The following workflows show how multiple Plixer One Platform functions can help network teams mitigate, and/or investigate network congestion issues.