Are we properly utilizing these expensive WAN links? That is probably a question you have asked yourself on more than one occasion when you get a bill from your provider. While MPLS/Broadband connectivity both have pros and cons, wouldn’t it be great if you had a tool to see if they were properly being utilized or if load is increasing over time? How about rather than just seeing in/out bits/s, you could determine what application is consuming the link? Stay tuned and see how it works!
While this blog covers how we can report on WAN/MPLS utilization, the same workflows can also be applied for VPN monitoring. Plixer provides VPN user monitoring as well as full support for the unique exports provided by Cisco AnyConnect (nvzFlow).
Remote user capacity planning
Recently I worked with a customer on an issue they were facing where their NAT pool was being filled up very quickly due to the sudden increase in work-from-home employees. We used Scrutinizer to quickly home in on this NAT space and alarm any time we got over X number of IPs given. This way they could increase the NAT pool before an outage occurred. The report below shows an example of this, where our current NAT space is occupied by ~86 IPs.
This type of reporting is easy to set up and could prevent you from having an outage.
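The NAT pool check described above, as an added example (not Scrutinizer's or Plixer's code): it counts the distinct translated source addresses in use per interval and flags any interval that goes over a threshold. The record layout (dicts keyed by the IPFIX element names `postNATSourceIPv4Address`, `flowStartSeconds` and `flowEndSeconds`), the five-minute interval, and the sample pool and flows are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

BUCKET = 300  # seconds per reporting interval (assumption)

def nat_pool_occupancy(flows, pool_cidr, bucket=BUCKET):
    """Map each interval start to the set of pool addresses in use during it."""
    pool = ip_network(pool_cidr)
    in_use = defaultdict(set)
    for f in flows:
        translated = f.get("postNATSourceIPv4Address")
        if translated is None:
            continue  # flow was not translated
        addr = ip_address(translated)
        if addr not in pool:
            continue  # translated, but not from the pool being watched
        first = f["flowStartSeconds"] // bucket * bucket
        last = f["flowEndSeconds"] // bucket * bucket
        # A long-lived flow holds its address in every interval it spans.
        for start in range(first, last + 1, bucket):
            in_use[start].add(addr)
    return dict(in_use)

def pool_alarms(occupancy, max_ips):
    """Return (interval_start, addresses_in_use) wherever usage exceeds max_ips."""
    return [(t, len(a)) for t, a in sorted(occupancy.items()) if len(a) > max_ips]

# Constructed sample flows; 203.0.113.0/29 is a documentation range.
T0 = 1_699_999_800  # constructed epoch time, aligned to a 300 s boundary

def _flow(post, start, end):
    return {"postNATSourceIPv4Address": post,
            "flowStartSeconds": T0 + start, "flowEndSeconds": T0 + end}

SAMPLE_FLOWS = [
    _flow("203.0.113.1", 10, 50),
    _flow("203.0.113.2", 20, 400),    # spans two intervals
    _flow("203.0.113.3", 310, 350),
    _flow("203.0.113.4", 320, 330),
    _flow(None, 15, 30),              # untranslated flow
    _flow("198.51.100.9", 330, 340),  # translated by another pool
]
POOL = "203.0.113.0/29"

if __name__ == "__main__":
    occ = nat_pool_occupancy(SAMPLE_FLOWS, POOL)
    for start, used in pool_alarms(occ, max_ips=2):
        print(f"interval {start}: {used} NAT addresses in use, over threshold")
```

Counting an address in every interval its flow spans matters here: counting only at flow start would under-report occupancy whenever sessions are long-lived.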
Why is network capacity planning important?
Proper network capacity planning will ensure that your company is using your network more efficiently and not wasting money on bandwidth that isn’t needed. One of the largest benefits of collecting NetFlow/IPFIX is that you can trend this data for multiple years while retaining conversation granularity, allowing you to pinpoint exactly what application is causing the sudden increase in bandwidth utilization.
This report is showing an ISP link of ours starting at the beginning of the year. As you can see from the table, quite a few of these apps are business-critical, but some are less so. We can see that most of our traffic appears to be SSL, YouTube and ISAKMP traffic. We also see a decent amount of Facebook traffic, which over time costs our WAN a lot of bandwidth. Using this information, we can either track down problem users/servers and fix the issues or judge whether to allow these apps. Now that we have a report built, we can easily create a threshold or schedule this report to be sent to our inbox monthly.
Integration with existing tools
Now that we have seen the benefit of monitoring ISP links and looking at application usage, what else can we do? We can integrate our NetFlow and metadata collector with other tools to add more context to the data we collect. It’s advantageous to use best-of-breed solutions that allow you to view their data together in a single pane of glass, lowering MTTK (Mean Time To Know).
For example, an Infoblox IPAM integration, SolarWinds, or even a CSV export will allow you to add logical IP groups to your reports so you can pinpoint issues down to specific groups on the network. Since many tools now come with APIs, it is very easy to use your existing investments to supplement network capacity data.
Trending network utilization
Since not every network can upgrade links whenever there is a slowness problem, capacity planning reports, which can be easy to collect, help make sure your trends stay within the scope of your infrastructure. If your team is in need of some granular reports on your WAN utilization, feel free to reach out to our team to see how we can help!