Network baseline: new technologies, new challenges

Network baseline and the challenges imposed by new technologies

The issue of network baseline arose quite some time ago. Everything started from the understanding that networks are not static entities, but are a set of elements that change over time.

It was also understood that networks are not only made up of physical and tangible elements, such as a router or a switch, but we must also have more abstract elements, such as the traffic pattern over a WAN link, for example.

All this led us to the need to evaluate over time the characteristics, behaviour and especially the performance of networks.

Here, the idea to have a network baseline arose, representing its state ¨normal¨ or ideal¨, proposing an analysis based on the comparison of the situation of a given moment with the ideal state or baseline, and according to the differences infer information on the performance of the network.

However, considering the initial idea that networks change, it was determined that a functional network baseline was not a simple report on the state of the network at any given time, and it was established that the true benefits of a baseline are obtained when that baseline is regularly reviewed and updated over time.

Methodologies and procedures for establishing network baselines and discussions about what to include, what parameters, what values, how often to revise the baselines, etc. soon emerged.

And although a standard for network baselines was never achieved, the concept was extended to the rest of the platform (networks, WAN links, servers, applications, processes, etc.).

However, the platforms we intend to evaluate using baseline have undergone profound changes due to the penetration of technologies such as virtualization, cloud services, SD-WAN, among others.

That is why in this article we propose to review the challenges that new technologies imply for the creation, maintenance and use of network baselines.

Baselines and their benefits

Let’s start by going through the benefits of network baselines and verifying their current relevance.

• A baseline allows you to determine the abnormal behaviour of some element of the platform, for example the presence of an abnormal traffic pattern that may be indicative of an application performance problem or a security breach.
• Given a specific requirement on the platform, a baseline can allow us to evaluate whether or not the platform can satisfy that requirement.
• A network baseline can facilitate the analysis associated with the introduction of a change in the platform, providing us with a before and after vision of the change.
• It allows preventive action to be taken, i.e. to anticipate performance problems even before users complain or an alarm is triggered.

  For example, let’s say that in our baseline we include a latency parameter for which the quality limit is set to 5. Working with the baseline we can identify a constant increase in this parameter, from 3 to 4.4, which would lead us to take preventive action.

• It facilitates the evaluation and optimization of costs associated with the platform; the typical example here is to use the baseline to evaluate the pattern and amount of traffic of WAN communication links, in order to identify which links are being underused and which are reaching their limits of use.

Network baseline and monitoring tools

Baseline creation and maintenance processes have a before and after with the penetration of monitoring tools.

A general purpose-monitoring tool, such as Pandora FMS, is undoubtedly the ideal platform to generate and apply the baseline concept.

To specify the relationship between network baselines and monitoring tools we can mention the following:

• Extraction of information: Before the monitoring tools, one of the most complex phases of creating baselines was undoubtedly obtaining information about the platform’s equipment.
  If you wanted to use the SNMP protocol to get this information, you needed a scheme to implement the protocol. In addition, the diversity in brands and in the nature of the platform’s devices was an obstacle that could lead to the presence of several administrative tools.

  With the monitoring tools, first of all the obtaining schemes are diversified: we can think in SNMP for some devices and WMI for others.

  On the other hand, the tools represent a central point from where all the devices of a platform can be accessed regardless of their purpose, brand or model.

• Alert scheme: One of the main advantages of the monitoring tools is the implementation of an alarm scheme.

  A central point in this implementation is the definition of KPIs (key performance indicators), as well as their values ¨normal¨ or ¨ideal¨.

  Without a doubt, organizations working with baselines have the work ahead of them, so they can adjust the alarm platform with relative simplicity.

  Those who do not, at the time of completing the installation of the monitoring tools can create a baseline with all the facilities provided by the tool, in addition to taking advantage of feedback from the results obtained through the monitoring platform, to adjust or update the baseline.

  To the reader interested in Pandora FMS alarm system we recommend this article, which presents a very clear introduction to the subject.

• Multilayer analysis: With this type of analysis we refer to the capacity that we have, with Pandora FMS, to be able to cross information on two or more elements of the platform during the search for the resolution of a performance problem.

  This analytical capability gives baselines much greater justification and even a new dimension, as the relationship that must exist between different elements of the platform to ensure a certain level of performance can be recorded.

The new challenges

In this section we invite you to reflect on the impact that certain technologies have on the management of baselines.

Diversity in network types

The more diverse our platform is the more complicated it becomes to establish and maintain a functional Network Baseline.

With diversity here we mean the inclusion of technologies or models different from those we regularly use in our platform.

For example, the popularization of wireless technologies has posed a challenge to administrators of traditionally wired networks, who have seen wireless networks grow in size and importance in their organizations.

Including the performance of services supported by wireless networks requires assuming new evaluation parameters and new ways of measuring those parameters.

This, which does not sound so complicated, actually involves a lot of knowledge and research on these technologies, so as to be able to make their inclusion to the Network Baseline properly.

What happens with technologies such as wireless networks also happens with working models. Thus, models such as Internet-centric, SD-WAN, DevOps, Agile, and others, which propose changes in resource design and utilization, pose a challenge to global performance managers who typically use network baselines.

Changes in architecture

Almost any procedure designed to establish a network baseline is part of a fundamental activity; running an inventory of all key elements of the platform.

If something changes in our platform, this change is reflected in our baseline through an update and the generation of a new state ¨normal¨.

In these baseline upgrades, virtualization technologies represented a challenge, as it was necessary to consider not only the physical elements but also all the virtual devices that were being used.

Likewise, hybrid platforms (cloud – own network) or the fact of having applications or part of them based on cloud services should be reflected in our baselines.

This implies, for example, that the response time in the execution of an action in an application must be calculated by reflecting the response time associated with the elements in the cloud and the response time associated in our own network.

On the other hand, the presence of a new element in the platform -we refer to cloud services as such- leads us to the need to measure its performance.

This implies that we must determine how to evaluate the performance of AWS or Azure, as we have always done with WAN links, for example.

The dwell time of the elements

Today, the permanence in time of virtual elements and resources in the cloud represent a challenge for those responsible for the baselines.

Let’s say, for example, that we have an application supported by servers in the cloud and using the facilities provided by the provider we are able to design the presence of a group of servers only when the number of transactions exceeds a certain limit value, on demand.

These same servers will then be automatically deleted if the number of transactions falls below that limit.

This scheme, which can be very appealing both technically and economically, should be considered when establishing the baseline associated with the application in question, since, as is well understood, these are two quite different platforms.

Also, on-demand server service should be measured to ensure its effectiveness.

The above is just one example, but it illustrates how the way baselines are conceived, maintained and used must accommodate the presence of ephemeral elements that are very common in virtualized environments and cloud services.

In short, we can say that the benefits of generating, maintaining and analysing the performance of our platform based on network baselines are still exciting, so we must update this classic in order to adapt it to the presence of new technologies.

On the other hand, having a general purpose-monitoring tool, such as Pandora FMS, offers us the best possible scenario to generate and maintain a base line.

If you want to monitor more than 100 devices, you can contact Pandora FMS team in a very simple way, thanks to this contact form.

If your monitoring requirements are modest, you can use Pandora FMS OpenSource version. Find more information here.