Active Network Monitoring

What is Active Network Monitoring?

Active Network Monitoring is performed by injecting test traffic into a network and monitoring the path that traffic takes to a target destination. Active Network Monitoring, also known as Synthetic Network Monitoring, has typically used ping and some form of traceroute. These tools have been around for almost as long as the Internet itself and can be very useful for simple tasks such as checking if a host is reachable, determining routes to a destination and measuring network latencies.

Active network monitoring is useful for:

  • Availability monitoring to help determine whether a site is reachable (up/down monitoring)
  • Uncovering the primary Layer 3 network path, including intermediary services such as DNS and content delivery networks (CDNs)
  • Measuring basic performance metrics, such as latency

Active network monitoring has historically been the only way to establish a network path and primary availability metrics for Internet-facing applications and services. It can be used repeatedly over a long period to develop baseline metrics useful for identifying anomalies.

Challenges

Traditional active monitoring approaches that rely solely on ping and traceroute present challenges, including these critical deficiencies of traceroute:

  • Traditional traceroute using ICMP is often unreliable because many firewalls block ICMP packets. TCP-based traceroute is gaining ground over ICMP since it provides more accurate results.
  • Load balancing can distort discovered routes. Because traceroute relies on multiple probes to discover a given path to a destination, load balancing in the middle of the path can distort the inferred route.
  • It is difficult to tell the difference between muted interfaces and real loss. Muted interfaces are those that never reply with ICMP "Time Exceeded" packets. With a single traceroute run it's virtually impossible to tell the difference between a muted interface and a loss episode, e.g., a case where the packet either got lost on the way to the interface or the reply from the interface was lost.
  • Traceroute may provide an incomplete view of the end-to-end path. Most pairs of nodes in the network have more than one possible route between them. To explore all the alternative routes, you need to issue several probes from the source to the destination.
  • MPLS can distort per-hop delays because of the u-turn behavior of some MPLS tunnels. This means the per-hop delays traceroute gives you can look faster than the speed of light.
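
The muted-interface, load-balancing and incomplete-path problems above all come from reading a single run. The following added example (not from the original page or any vendor tool) combines several runs to the same destination and labels each hop; the sample runs are constructed, and the function name and labels are hypothetical.

```python
from collections import Counter

# Constructed sample: 5 traceroute runs to one destination.
# Each run is indexed by TTL-1; an entry is the responder IP, or None for "*".
RUNS = [
    ["10.0.0.1", None, "192.0.2.10", "198.51.100.1", "203.0.113.5"],
    ["10.0.0.1", None, "192.0.2.11", "198.51.100.1", "203.0.113.5"],
    ["10.0.0.1", None, "192.0.2.10", None,           "203.0.113.5"],
    ["10.0.0.1", None, "192.0.2.11", "198.51.100.1", "203.0.113.5"],
    ["10.0.0.1", None, "192.0.2.10", "198.51.100.1", "203.0.113.5"],
]

def classify_hops(runs):
    """Return one dict per TTL, labelled from all runs taken together."""
    depth = max(len(r) for r in runs)
    report = []
    for ttl in range(depth):
        replies = [r[ttl] for r in runs if ttl < len(r)]
        seen = Counter(ip for ip in replies if ip is not None)
        answered = sum(seen.values())
        # Did any probe in any run get a reply from beyond this hop?
        later_reply = any(ip is not None for r in runs for ip in r[ttl + 1:])
        if answered == 0:
            # Never replies, yet traffic gets past it: a muted interface.
            label = "muted" if later_reply else "unreachable"
        elif answered < len(replies):
            # Replies only sometimes: loss, or ICMP rate limiting on the hop.
            label = "intermittent"
        elif len(seen) > 1:
            # Several responders at one TTL: probes took parallel paths.
            label = "load-balanced"
        else:
            label = "stable"
        report.append({"ttl": ttl + 1, "label": label,
                       "responders": sorted(seen),
                       "reply_rate": answered / len(replies)})
    return report

if __name__ == "__main__":
    for hop in classify_hops(RUNS):
        print(hop)
```

An "intermittent" hop is a candidate for loss, not proof of it; comparing its reply rate with the hops behind it over a longer baseline narrows that down.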

Ideal Solution Characteristics

More advanced active network monitoring capabilities offer greater depth into network path and metrics and correlate this data with routing and application-layer data. These include generating network metrics for:

TCP Web Streams

  • Packet loss
  • Latency (RTT)
  • Jitter
  • Path MTU
  • MSS
  • Available bandwidth

RTP Voice Streams

  • MOS scores
  • Packet loss
  • Discards
  • Latency
  • Packet delay variation
  • Received DSCP

Path Traces

  • Forwarding loss
  • Terminal hops
  • Link latency
  • Interface MTU
  • MPLS tunnels/labels
  • QoS (DSCP)

In generating these metrics, advanced active network monitoring solutions need to ensure that the synthetic probes are indistinguishable from application traffic and that probes only require instrumentation at the client.

ThousandEyes Path Visualization technology addresses many of the challenges associated with using legacy active network monitoring tools.