A comprehensive list of best practices for bandwidth monitoring in enterprise networks.
In this article, I will share my tips on how to effectively monitor bandwidth usage, what you should be monitoring, and some real-world examples.
1. Use The Best Bandwidth Monitoring Tools
If you don’t have a good bandwidth monitoring program, then it will be difficult to properly track, plan, and troubleshoot network bandwidth usage.
I’ve compiled a list of the 11 best bandwidth monitoring tools that are available today. This list includes free and paid monitoring tools.
For enterprise networks, I prefer a paid solution that includes technical support. Bandwidth monitoring is critical and I need to make sure it’s running 24/7. If there are issues with the software, my team can contact technical support to quickly resolve them. This is not always the case with free and open source tools.
2. Monitor the Bandwidth on All Infrastructure Devices
To really understand your bandwidth usage, you need to monitor all infrastructure devices including routers, switches, access points, servers, IoT devices, and so on. Monitoring everything will help you visualize bandwidth usage across your entire network, and will be a huge time saver when there are network performance issues.
If you monitor a single device such as the internet router you will not have visibility into what devices on the internal network are consuming the bandwidth usage. When traffic gets to your internet router, it is most likely the NAT IP address so this doesn’t tell you which internal device it is.
3. Monitor Network Traffic Flows (NetFlow)
If you are doing basic bandwidth monitoring with SNMP only, then you are missing out on some key metrics. For in-depth bandwidth monitoring, you need to be using Netflow technology.
NetFlow data can provide the following:
- Ingress interface
- Applications in use
- Source and Destination IP Address
- IP Protocol in use
- Source and destination ports
- IP types of service
SNMP only provides the incoming and outgoing traffic rates, it will not show the source and destination IP address. It also will not show you how much bandwidth youtube or Netflix are using, for that you will need NetFlow. Below is an example of Netflow capturing the top 10 conversations on the network and how much data was sent and received. You will not get this level of detail with SNMP Monitoring Tools.
There are many tools on the market that include the ability to monitor NetFlow data. You will need to make sure your hardware supports NetFlow or a related flow technology.
4. Create a Bandwidth Usage Baseline
A bandwidth usage baseline will give you a reference point as to what is normal bandwidth usage on your network. Knowing your baseline will then make it easy to troubleshoot, spot bandwidth spikes, and plan for upgrades.
You will need to use software to gather metrics from devices over a period of time to create a baseline, most programs will do this automatically. You should review these reports on a regular basis.
If your bandwidth usage increases by 50 Mbps over a 30-month time span will you notice? If you know your baseline then this will be easy to spot.
5. Know What Network Protocols are in Use
When using NetFlow to monitor bandwidth you will have visibility into what protocols are in use. Knowing what protocols are in use can be valuable for network security. It can help you spot insecure protocols in use like HTTP or telnet. It also helps to show you how much bandwidth each protocol is using.
After reviewing the protocols in use for a medium sized network we noticed telnet traffic going to the internet. Because we had NetFlow monitoring enabled, we were able to see the source and destination IP addresses. We tracked it down to a traffic monitoring system sending pictures to the cloud server. We contacted the owner and told them that telnet is insecure and they need to change it to a secure protocol (SSH).
If we did not review the protocols in use, the user would have continued to send unencrypted data over the network. This could have led to a potential data breach or a compromise of the system.
6. Identify Top Bandwidth Talkers
There is always someone or something on the network that consumes a lot of Bandwidth. You should be able to quickly identify top bandwidth talkers on your network. As a Network Administrator, it is very frustrating getting reports of bandwidth issues but not knowing who or what is causing it.
Reviewing the top bandwidth talkers can help narrow down those that are abusing the network.
As a Network Administrator, I would look at internet usage multiple times a day. There was one group of users that would always show up in the top talker’s report, the guest wifi.
Everyone would connect their phones and start streaming music or watching movies using the corporate guest wifi network. It got so bad, that we had to start rate-limiting the guest network because someone would download updates that would consume all the bandwidth.
7. Monitor Bandwidth Usage by Application
Do you know how much bandwidth youtube and other streaming services are using? Streaming services can often consume a large portion of your enterprise bandwidth. If you don’t have restrictions in place this can impact the corporate network and cause business applications to run slow. The ability to view bandwidth usage by application is a valuable insight for troubleshooting bandwidth usage.
In one organization I worked for, we used NetFlow to identify that 30% of the bandwidth usage was from streaming services like youtube and Netflix. Some locations were streaming baseball and golf games from their work computers.
8. Set Bandwidth Thresholds and Alerting
You can’t sit and look at bandwidth usage all day long. Identify what is critical and create email alerts so you can automatically be emailed on bandwidth related issues. Most tools include a list of predefined alerts but also allow you to create custom alerts.
9. Monitor Bandwidth Usage in Real-Time
A lot of programs only provide an average bandwidth usage over a period of time. This is not the same as real-time bandwidth usage and can be confusing when troubleshooting a network problem. Below is what you will typically see on the dashboard, the usage over a period of time (not real time).
Make sure you have the ability to monitor in real time. Real time monitoring can also show bandwidth usage spikes that you don’t normally see in summary dashboards.
During the Covid 19 pandemic, all employees were allowed to work from home. We had 1000+ users hitting the internal network from outside through VPN and Citrix. This puts an additional load on our internet connection. The interface summary didn’t really show much of an increase in bandwidth. When we used real-time bandwidth monitoring, it was a different story. It showed mini spikes in traffic that exceeded our maximum allowed bandwidth which caused packets to be dropped.
10. Run Bandwidth Usage Tests (iPerf)
To verify you are getting the bandwidth throughput you are expecting use a free tool called iPerf. This is a free command-line tool that allows you to test the bandwidth between two systems. It’s also useful for troubleshooting network speed.
11. Monitor Bandwidth Usage by IP Address Groups
If your tool does not group IP addresses together then see if you can add this feature. There are many times you may need to track bandwidth usage by IP address groups. This works really well if you have properly segmented your network.
One example I have is a department that purchased a cloud-based video surveillance system. Once installed, users across the organization started reporting slowness issues. We started to notice an increase in bandwidth usage of the internet. Our bandwidth tools were able to track this back to an IP block that belonged to the department.
Since we tracked the bandwidth increase to a single department, we were able to charge them back for the bandwidth increase.
12. Track Bandwidth Usage by Geolocation (country)
Review traffic sent and received to other countries.
Although it is not uncommon to see lots of traffic being sent and received to other countries, you might wonder if it is legit traffic? You should review this traffic to understand its business use, if there is none consider blocking the traffic. This can really cut down on security threats.
Again, make sure you review this traffic, a lot of applications reside in other countries. So blocking a country could block an application from working. Also, get approval as this can really come back to bite you.
13. Bandwidth Usage on Network Firewalls
Most next generation Firewalls have built-in bandwidth reporting. These reports can provide a lot of details that other tools can’t.
Below is a screenshot from the FortiGate Firewall. These firewalls have reports for many metrics including bandwidth. and they are great at providing Geolocation information on inbound and outbound traffic.
You may need to look at the bandwidth on Firewalls separately from your enterprise monitoring tools. This is due to the Firewall having extra visibility (SSL inspection) into your inbound and outbound traffic.
Do you have any bandwidth monitoring tips? Let me know by leaving a comment below.