Investigating network congestion#
In almost any modern enterprise environment, identifying the who, what, where, when, and why behind congestion issues requires tools that go beyond inundating network teams with large volumes of raw data.
Through Scrutinizer, the Plixer One Platform (Core or Enterprise) enables multiple approaches to dealing with network congestion issues:
Drill down into network device/host activity to identify root causes for congestion by applying one or more filters and pivoting between different report types.
Monitor network devices and/or interfaces for congestion in the Top Interfaces view.
See real-time rates and utilization between devices and other objects in network maps by adding connections with custom color-coded thresholds.
Get high utilization alerts via the Scrutinizer Alarm Monitor by adding user-defined thresholds to reports.
Overview#
Teams can leverage the following Scrutinizer features/functions to proactively watch for network congestion, collect insights into the root cause(s), and respond efficiently.
Reports#
Reports aggregate data from any number of user-specified devices and dimensions and can show sources of congestion and bandwidth consumption:
Identify “Top Talkers” on the network using Source and Destination reports.
View peak and 95th percentile in Traffic Volume reports.
Check for latency and packet loss with FlowPro APM Application Retransmission reports.
Apply any number of filters for subnets, applications, usernames and then pivot directly to another report type to narrow down your results.
Report Thresholds#
Custom thresholds can be added to saved reports to monitor for congestion and trigger alarm monitor alerts when those thresholds are reached. With a report threshold configured, the report can be re-run to monitor for min/max bandwidth utilization and mitigate regression after congestion sources are identified.
Hint
If a notification profile is assigned to the Report Threshold Violation alarm policy, the threshold can be used to trigger notification actions, such as email alerts and CEF notifications for external tools.
Top Interfaces view#
The Top Interfaces view (Explore > Exporters in the web interface) can be used to monitor all device interfaces, from the most saturated down to the least utilized. This allows network teams to identify which ones are most affected by congestion at a glance. The view can also be used to inspect highwater marks that indicate peak saturation over a period of time.
Hint
The Explore > Exporters page can be set to show either By Interfaces or By Exporters as the default in your user preferences menu.
Map Connections#
After a network map is populated with devices and other objects, it can be further customized with connections representing activity between devices, objects, and/or interfaces. Connections can also be individually configured with utilization thresholds that change the color they’re displayed in, giving teams a bird’s eye view of potential congestion issues in real time.
Hint
Click on devices or interfaces in a network map to quickly jump to the Top Interfaces view filtered on the object.
Workflows#
The following workflows show how multiple Plixer One Platform functions can help network teams mitigate, and/or investigate network congestion issues.
Monitoring for congestion issues
A user calls in reporting that everything on the network is taking an excessive amount of time to load, indicating network congestion.
Workflow
Navigate to Explore > Interfaces
Identify instantly if any interfaces are congested
Open a “Conversations” Report to see the top source and destinations of bandwidth
We may find that a host on the network is performing write intensive backups during the day and eating up all available bandwidth.
Tip
If Host Indexing is turned on, you can look up a user’s IP and see all network devices that saw that address.
Note
Scrutinizer records highwater marks that represent the peak utilization for each interface.
Troubleshooting poor call quality
The sales teams reports that outbound calls have been of poor quality recently. Jitter happening sporadically on the call, making it difficult to conduct business efficiently.
Workflow
Navigate to Reports > Run Report > Select Report Types
Under the Flowpro APM Reports category, select a report like ‘Host to Host Jitter All by SSRC’
Open the report and note the report columns such as Source Jitter and Packet Loss
We may find that we can measure the jitter and packet loss and see what the RTP payload type was. Perhaps the subnet traffic is not using class-based QOS and voice traffic isn’t being prioritized.
Note
FlowPro is part of the Plixer One platform. To learn more, see the section on FlowPro integration.