Learner Guide
ICTTEN615 – Manage network traffic
Version control
Unit Code | Document Version | Release date | Comments/actions |
ICTTEN615 | 1.0 | 19 Jan 2021 | This version first released with ICT Information and Communications Technology Training Package Version 7.0. |
Table of Contents
Introduction
Overview
Chapter 1. Evaluate network capacity and traffic congestion
1.1 Obtain work details, planned network strategy and scope from relevant personnel and arrange for site access in compliance with required security arrangements, legislation, codes, regulations and standards
1.2 Interrogate system monitoring alerts and alarms and identify areas of route and circuit unavailability
1.3 Assess planned and unplanned outages to determine network unavailability and verify restoration times
1.4 Obtain and interrogate network management system and identify traffic status
1.5 Analyse system alert and identify real and potential traffic problems
1.6 Analyse customer complaints and traffic measurement data to identify network problems
1.7 Activate and deactivate semi-permanent controls active in the network on a regular basis to simulate irregular traffic
Chapter 2. Develop traffic control strategies
2.1 Conduct traffic measurements across all required routes
2.2 Analyse results, historical data and traffic volume requirements
2.3 Determine specific thresholds, loading and grading levels to alter traffic flows
2.4 Obtain funding parameters and budgeted levels, and determine plan amendments
2.5 Confirm that traffic control strategies to prevent traffic problems
2.6 Develop strategies for recovery where traffic congestion occurs
2.7 Develop contingency plans to allow for problems during network changes
Chapter 3. Apply short and long-term traffic solutions
3.1 Implement software changes according to planned network strategy
3.2 Develop short-term ad hoc solutions where only a temporary solution is required
3.3 Confirm that reversal action can be initiated in cases of temporary solutions
3.4 Implement contingency plan where required according to organisational requirements
3.5 Conduct monitoring of changes and take measurements to assess outcomes of variations
3.6 Analyse measurements and provide a report to relevant personnel with recommendations for further changes
3.7 Review and monitor strategies and initiate corrective action where required
Chapter 4. Detect and take action on traffic congestion
4.1 Measure and analyse traffic loads to assess congestion problems and determine possible impact
4.2 Control traffic flow and prevent processor overloads
4.3 Evaluate potential traffic increases for impact on the network and develop contingencies to control traffic flow if required
Chapter 5. Provide traffic indicators for capacity planning
5.1 Predict future potential traffic trends and requirements using data on current and historical traffic patterns
5.2 Identify potential network traffic problems and make recommendations to network planners
5.3 Complete reports with recommendations and forward to relevant personnel
Bibliography
Introduction
This guide discusses various aspects of telecommunications network engineering. It briefly outlines
network capacity and problems. In addition, it discusses strategies for overcoming network traffic
problems and applying short- and long-term solutions for network congestion. It also gives a brief
explanation of network monitoring and the tools used to monitor network problems. The purpose of
this guide is to explain and highlight the information that needs to be kept in mind while monitoring
and controlling network congestion.
These topics are explained in detail in 5 chapters, which are:
• Evaluate network capacity and traffic congestion
• Develop traffic control strategies
• Apply short and long-term traffic solutions
• Detect and take action on traffic congestion
• Provide traffic indicators for capacity planning
Overview
Network Alarm
Network Alarm Monitoring Systems are devices that are mostly centrally located. They monitor
equipment at your sites for notable events – otherwise referred to as “alarms”. An alarm may range
from something as simple as an unlocked door to a warning that your equipment is failing and you
are close to a massive network outage.
Types of Routes
Routing is a process that is performed by layer 3 (or network layer) devices in order to deliver the
packet by choosing an optimal path from one network to another.
There are 3 types of routing:
1. Static routing
Static routing is a process in which routes must be added manually to the routing table.
• Advantages –
1. No routing overhead for the router CPU, which means a cheaper router can be used
to do routing.
2. It adds security because only the administrator can allow routing to networks.
3. No bandwidth usage between routers.
• Disadvantage –
1. For a large network, it is a hectic task for the administrator to manually add each
route for the network to the routing table on each router.
2. The administrator should have good knowledge of the topology. If a new
administrator comes, then he must manually add each route, so he should have
very good knowledge of the routes of the topology.
2. Default Routing
This is the method where the router is configured to send all packets towards a single router
(next hop). It does not matter to which network the packet belongs; it is forwarded to the
router that is configured for default routing. It is generally used with stub routers. A stub
router is a router which has only one route to reach all other networks.
3. Dynamic Routing
Dynamic routing automatically adjusts the routes in the routing table according to the current
state of each route. Dynamic routing uses protocols to discover network destinations and the
routes to reach them. RIP and OSPF are the best examples of dynamic routing protocols. If one
route goes down, an automatic adjustment is made to reach the network destination.
A dynamic protocol has the following features:
1. The routers should have the same dynamic protocol running to exchange routes.
2. When a router finds a change in the topology, it advertises the change to all other
routers.
• Advantages
1. Easy to configure.
2. More effective at selecting the best route to a destination remote network and
at discovering remote networks.
• Disadvantage
1. Consumes more bandwidth for communicating with other neighbours.
2. Less secure than static routing.
Network and Service Outages
A service is the set of tasks performed by the network upon a request from the user such as a voice
call, Internet access, e-mail, and so forth. A service outage is the users’ inability to request a new
service or to continue to use an existing service because the service is either no longer available or it
is impaired. As discussed previously, availability of a network strongly depends on the frequency of
service outages and the recovery time for each outage. A network outage is the loss of network
resources, including routers, switches, and transport facilities, because of the following:
• Complete or partial failure of hardware and software components
• Power outages
• Scheduled maintenance such as software or hardware upgrades
• Operational errors such as configuration errors
• Acts of nature such as floods, tornadoes, and earthquakes
What Is Network Management?
Network management refers to the processes, tools and applications used to administer, operate,
and maintain a network infrastructure. Performance management and fault analysis are also
included in network management. To put it simply, network management is the process of keeping
your network healthy, which keeps your business healthy.
Components of Network Management
The definition of network management is often broad, as network management involves several
different components. Here are some of the terms you will often hear when network management
or network management software is talked about:
• Network administration
• Network maintenance
• Network operation
• Network provisioning
• Network security
Importance of network management
The whole point of IT network management is to keep the network infrastructure and network
management system running smoothly and efficiently. Network management helps you:
• Avoid costly network disruptions
• Improve IT productivity
• Improve network security
• Gain a holistic view of network performance
1. Avoid Costly Network Disruptions: Network downtime can be very costly. In fact, industry
research shows the cost can be up to $5,600 per minute or more than $300K per hour. Network
disruptions take more than just a financial toll; they also have a negative impact on customer
relationships. Slow and unresponsive corporate networks make it harder for employees to
effectively address customer needs and concerns. And customers who feel this lack of service
could be quick to leave.
2. Improve IT Productivity: By monitoring and learning every aspect of the network management
service, an effective network management system does many jobs at once. IT network
management frees up IT staff to focus on other things.
3. Improve Network Security: With a focus on network management, it is easy to identify and
respond to threats before they propagate and impact end users. Network management also
aims to ensure regulatory and compliance requirements are met. Improved network security
also leads to greater network privacy, giving the user more freedom when using their device.
4. Gain a Holistic View of Network Performance: Network management gives you a complete view
of how your network is performing. It enables you to identify issues and fix them quickly.
What is network traffic?
Network traffic, also called traffic or data traffic, refers to the data moving across a network at any
given time. Network data consists of packets, the smallest, fundamental units of data passed along a
network. Network traffic data is broken into these packets for transmission and reassembled at the
destination. Packets consist of payloads (the raw data) and headers (the metadata) containing
information like origin and destination IP addresses.
There are four broad categories of network traffic:
• Busy/heavy traffic, where high bandwidth is consumed
• Non-real-time traffic, which refers to the bandwidth consumed during working hours
• Interactive traffic, traffic facing competition for bandwidth, which results in slow response
times if prioritisations for traffic and applications are not set
• Latency-sensitive traffic, which can also result in poor response times due to competition for
bandwidth
What is a network traffic monitor?
While a sniffer can provide packet-level insights, only a network activity monitoring solution is
designed to help you answer the question of whether network traffic levels are normal for your
infrastructure. Beyond simply monitoring network traffic, it is important to have a network traffic
monitoring tool to measure traffic and provide detailed analysis, allowing you to implement policy
changes and maximise your bandwidth capabilities.
The network traffic monitor tool in SolarWinds BAP is designed to help you identify network traffic
issues with ease, so you can improve your bandwidth capabilities to ensure good performance for
end users.
Network Alerts
If there is an issue somewhere on your network, you need to know about it as soon as possible. A
network performance monitor (NPM) constantly checks for performance problems by scanning your
entire network. When it detects a problem, it informs the user with a network alert. These alerts
allow network technicians to respond to problems quickly, reducing the amount of poor network
performance and downtime.
Any NPM worth its salt will have alerting capabilities built in, as network alerts are essential for IT
teams to keep the network functional. However, there are a handful of alerting features that
enterprises should look for in an NPM solution. While these alerting functions are not found in every
NPM, they provide a big advantage for companies to handle common and uncommon network
performance issues. Read on to discover 4 essential network alerting features that every enterprise
should look for in an NPM solution.
Real-time alerts
NPMs continuously check for performance problems across all areas of the network. The time gap
between network sweeps varies depending on the solution, but more high-end tools detect network
issues in real time. If your NPM touts real-time issue detection, it might also send out alerts in
real time. These NPMs inform you of problems as soon as they detect them, even before they finish
fully analysing the issue. That way, your technicians can begin fixing the problem without having to
wait on the NPM to complete a full diagnosis. This allows your technicians to discover the issue’s
source and solution as soon as possible and apply the fix without losing too much performance.
Intelligent alert descriptions
If all the NPM tells you is that there is a problem on the network, it would not be very useful. Your
team needs to know what and where the issue is, when it started, and what network areas it is
affecting. NPMs need to supply you this crucial information in the alerts they send to you. The alerts
need to make sense for the network team and give them all the important information they need to
fix the problem.
Critical alerts and tiered alerts
Not every network problem is incredibly important. If your NPM tool floods you with alerts on
non-critical performance issues, your network team might miss critical network failures. A good NPM
tool should separate problems into categories based on their importance. At the very least, the
NPM should define both critical and non-critical network problems and alert you to critical problems
first and foremost. More advanced NPMs implement a system called “tiered alerting” that
assigns issues to one of multiple different categories. They then administer alerts from the most
important category first, then move down the list to address less serious problems.
Alert times
While every NPM needs to alert its users to problems, it also needs to know when to send out alerts.
Sending out alerts during off-hours can lead to alerts being lost between the alert being sent and
when the network team can examine the problem. Some NPMs allow you to set on-hours and
off-hours for alerts so your team only receives notifications during times it specifies. This allows
you to keep alerts from flooding your inbox while your network team is out of the office.
Potential traffic problems
Just like in road congestion, Network Congestion occurs when a network is not able to adequately
handle the traffic flowing through it. While network congestion is usually a temporary state of a
network rather than a permanent feature, there are cases where a network is always congested
signifying a larger issue is at hand.
Five (5) common causes of network congestion are:
• Over-subscription
• Poor network design/misconfiguration
• Over-utilised devices
• Faulty devices
• Security attack
Traffic Identification
In general, traffic will be one or more of these types:
• Protocol: a strict set of rules and formats that define how two or more elements share
information (the information flow could be one way or bidirectional). Examples include
UDP, TCP, HTTP, RTMP, SIP, FTP, and SMTP
• Application: traffic associated with a software program. Examples include Skype, Netflix,
PPStream, and games.
• Website: all the web pages that are part of a web domain and all content that is
exchanged with a domain (whether or not the content corresponds to a web page)
• Service: a more general term that can include websites like Twitter and Facebook, cloud
services like Salesforce, online storage, and many others.
• Provider: typically used to differentiate a brand within a type of traffic. For instance, many
different video providers use RTMP, and many different voice services rely on SIP.
Traffic Measurement
Network traffic analysis (NTA) is the process of intercepting, recording and analysing network traffic
communication patterns to detect and respond to security threats. Originally coined by Gartner, the
term represents an emerging security product category.
How to monitor traffic?
It might seem a little too tech-y or excessive, spying on all the traffic going through your home
network, but it can help provide valuable insights into your network’s performance.
You will uncover exactly which devices, or even specific programs, are hogging your bandwidth.
Through network monitoring, you can uncover where your computers are connecting and how much
data they are sending or receiving. Then, you will be able to correct any problems and make better
use of your network.
There are plenty of ways that you can monitor your network. The three detailed here are probably
the most common and convenient.
Network traffic Monitoring and Measurement
Active Network Monitoring is a practice performed by network engineers to test networks by
inserting test traffic and tracking its path towards a destination. It does this by sending ICMP packets
to collect measurements between two endpoints or more in a network.
Below are some of the metrics that Active Measurement systems must deal with:
• Packet Delay
• Packet Loss
• Packet Reordering
• Availability
• Routes
• Packet Inter-arrival Jitter
• Bandwidth Measurements (Capacity, Achievable Throughput)
Widely used tools such as PING, which is used to measure packet loss and packet delays, and
traceroute, which can help determine the topology of the network, are some common examples
of essential active measurement tools.
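The metrics listed above can be derived from the raw records an active probe run produces. The following is an added example, not part of the original guide: it takes a constructed set of echo probe records (sequence number, send time, reply time) and computes loss, delay, jitter and reordering, then compares them with alert thresholds. The record layout, the jitter definition (mean absolute difference between consecutive delays) and the threshold values are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from statistics import mean
from typing import List, Optional


@dataclass
class Probe:
    seq: int                   # sequence number carried in the echo request
    sent_ms: float             # time the request left the sender
    recv_ms: Optional[float]   # time the reply arrived, None if it timed out


# Constructed sample: six probes sent 100 ms apart. Probe 2 is lost and the
# reply to probe 3 is delayed so much that it arrives after the reply to probe 4.
SAMPLE = [
    Probe(0, 0.0, 20.0),
    Probe(1, 100.0, 125.0),
    Probe(2, 200.0, None),
    Probe(3, 300.0, 430.0),
    Probe(4, 400.0, 422.0),
    Probe(5, 500.0, 521.0),
]


def summarise(probes: List[Probe]) -> dict:
    """Turn raw probe records into the active-measurement metrics."""
    if not probes:
        raise ValueError("no probes were sent")
    answered = sorted((p for p in probes if p.recv_ms is not None),
                      key=lambda p: p.seq)
    loss_pct = 100.0 * (len(probes) - len(answered)) / len(probes)

    # Packet delay: round-trip time of every answered probe, in send order.
    delays = [p.recv_ms - p.sent_ms for p in answered]

    # Inter-arrival jitter (assumed definition): mean absolute difference
    # between the delays of consecutive answered probes.
    if len(delays) > 1:
        jitter = mean(abs(b - a) for a, b in zip(delays, delays[1:]))
    else:
        jitter = 0.0

    # Reordering: walk the replies in arrival order and count every reply
    # whose sequence number is lower than one that has already arrived.
    highest_seq, reordered = -1, 0
    for p in sorted(answered, key=lambda p: p.recv_ms):
        if p.seq < highest_seq:
            reordered += 1
        else:
            highest_seq = p.seq

    return {
        "sent": len(probes),
        "answered": len(answered),
        "loss_pct": loss_pct,
        "availability_pct": 100.0 - loss_pct,
        "min_ms": min(delays) if delays else None,
        "avg_ms": mean(delays) if delays else None,
        "max_ms": max(delays) if delays else None,
        "jitter_ms": jitter,
        "reordered": reordered,
    }


def breaches(summary: dict, max_loss_pct: float = 5.0,
             max_jitter_ms: float = 30.0) -> List[str]:
    """Names of metrics over threshold (threshold values are assumed)."""
    over = []
    if summary["loss_pct"] > max_loss_pct:
        over.append("loss")
    if summary["jitter_ms"] > max_jitter_ms:
        over.append("jitter")
    return over


if __name__ == "__main__":
    result = summarise(SAMPLE)
    for name, value in result.items():
        print(f"{name:18} {value}")
    print("over threshold:", breaches(result))
```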
Traffic Measurement Techniques
Many techniques are applied, alone or in combination, to identify traffic and extract relevant fields.
It is not uncommon for vendors to use the term ‘signature’ to mean all techniques.
Increased reliability and accuracy are typically achieved at the cost of greater processing complexity.
This list introduces some popular techniques, in order of ascending reliability/accuracy:
• Port Number: this approach simply looks at the port number of the traffic and concludes
that the traffic is of the type commonly associated with this port. Because of the certainty of
false positives due to many traffic types taking random ports, this approach should not be
used in any circumstances in which reliable identification is needed.
• Regular Expression: a byte pattern that is (assumed/expected to be) a unique identifier for a
particular traffic type. The longer a regular expression, the less chance of there being a false
positive due to matches against random data. Identification typically requires that one or
more regular expressions be applied across multiple packets and flows.
• Tracker: a stateful technique that monitors state changes within data and control traffic
both to extract information required for further identification (e.g., where the next data flow
will appear) and to provide additional information in general.
• Analyser: like a tracker, but with complete protocol awareness; that is, an analyser can
extract all meaningful pieces of information due to a complete understanding of a protocol.
In the previous example of adaptive video, a tracker would be sufficient to determine from
the control traffic where the data traffic would appear, but an analyser is required to extract
the resolution and codec information.
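The difference between the first two techniques is easiest to see when both are run over the same flows. The following is an added example, not part of the original guide: it identifies constructed flows once by destination port and once by a byte-pattern signature on the first payload, and reports where the two disagree, which is the case a monitoring team wants surfaced. The port table, the signature set and the sample payloads are assumptions, and the example is narrowed to a single payload per flow rather than multiple packets.

```python
import re
from typing import NamedTuple, Optional

# Technique 1: port number -> traffic type commonly associated with that port.
WELL_KNOWN_PORTS = {22: "SSH", 80: "HTTP", 443: "TLS", 5060: "SIP"}

# Technique 2: byte patterns expected at the very start of a flow's payload.
SIGNATURES = [
    # SSH identification string, e.g. "SSH-2.0-<software>"
    ("SSH", re.compile(rb"^SSH-\d\.\d+-")),
    # HTTP/1.x request line
    ("HTTP", re.compile(
        rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
    # SIP request line
    ("SIP", re.compile(
        rb"^(INVITE|REGISTER|OPTIONS|BYE|ACK|CANCEL) sips?:\S+ SIP/2\.0\r\n")),
    # TLS record: handshake (0x16), version 3.x, 2 length bytes, ClientHello
    ("TLS", re.compile(rb"^\x16\x03[\x00-\x04]..\x01", re.DOTALL)),
]


class Verdict(NamedTuple):
    by_port: Optional[str]
    by_signature: Optional[str]
    status: str


def identify_by_port(dst_port: int) -> Optional[str]:
    return WELL_KNOWN_PORTS.get(dst_port)


def identify_by_signature(payload: bytes) -> Optional[str]:
    for name, pattern in SIGNATURES:
        if pattern.match(payload):
            return name
    return None


def classify(dst_port: int, payload: bytes) -> Verdict:
    """Compare both techniques and say how far the result can be trusted."""
    port_guess = identify_by_port(dst_port)
    sig_guess = identify_by_signature(payload)
    if port_guess is None and sig_guess is None:
        status = "unknown"
    elif sig_guess is None:
        status = "port-only"        # unverified guess, payload did not confirm it
    elif port_guess is None:
        status = "signature-only"   # known protocol on an unlisted port
    elif port_guess == sig_guess:
        status = "match"
    else:
        status = "mismatch"         # the port suggests one type, the payload is another
    return Verdict(port_guess, sig_guess, status)


# Constructed sample flows: (destination port, first payload bytes).
HTTP_GET = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
SSH_BANNER = b"SSH-2.0-ExampleSSH_1.0\r\n"
TLS_HELLO = b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + bytes(32)
OPAQUE = b"\x8f\x02\x11\x7a\x00\x41\xfe\x10"

SAMPLE_FLOWS = [
    (80, HTTP_GET),      # HTTP where the port table expects it
    (8080, HTTP_GET),    # HTTP on a port the table does not list
    (443, TLS_HELLO),    # TLS where the port table expects it
    (443, SSH_BANNER),   # port says TLS, payload is an SSH banner
    (5060, OPAQUE),      # port says SIP, payload matches no signature
]

if __name__ == "__main__":
    for port, payload in SAMPLE_FLOWS:
        v = classify(port, payload)
        print(f"port {port:<5} port={v.by_port!s:<5} "
              f"signature={v.by_signature!s:<5} {v.status}")
```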
Chapter 1. Evaluate network capacity and traffic congestion
The chapter is going to discuss the following points in detail:
• Obtain work details, planned network strategy and scope from relevant personnel and
arrange for site access in compliance with required security arrangements, legislation, codes,
regulations and standards
• Interrogate system monitoring alerts and alarms and identify areas of route and circuit
unavailability
• Assess planned and unplanned outages to determine network unavailability and verify
restoration times
• Obtain and interrogate network management system and identify traffic status
• Analyse system alert and identify real and potential traffic problems
• Analyse customer complaints and traffic measurement data to identify network problems
• Activate and deactivate semi-permanent controls active in the network on a regular basis to
simulate irregular traffic
1.1 Obtain work details, planned network strategy and scope from relevant personnel and arrange for site access in compliance with required security arrangements, legislation, codes, regulations and standards
Project
A project is defined as a sequence of tasks that must be completed to attain a certain outcome.
According to the Project Management Institute (PMI), the term Project refers to “any temporary
endeavour with a definite beginning and end”. Depending on its complexity, it can be managed by a
single person or hundreds.
Key Characteristics of Project
Temporary
This fundamental characteristic means that every project has a finite start and a limited end. The
beginning is the time when the project is initiated and its concept is developed. The conclusion is
reached when all objectives of the project have been met (or, if it becomes evident that the project
cannot be completed, when it is terminated with objectives unmet).
Unique Deliverable(s)
Any project aims to produce some deliverable(s), which can be a product, service, or some other
result. Deliverables should address a problem or need that was analysed before the project started.
Progressive Elaboration
With the progress of a project, continuous investigation and improvement become available, and all
this allows producing more accurate and comprehensive plans. This fundamental characteristic
means that the successive iterations of planning processes result in developing more effective
solutions to progress and design projects.
Project brief
A project brief is a short description of the key components of your project. Think of it as
a quick outline for project partners and cross-functional collaborators. Your project brief should
communicate your project requirements without bogging your stakeholders down with too many
details.
A brief can be a simple document that sets out a summary of your project ideas. It
highlights all the milestones and shows what work should be done.
Sample briefs are often associated with project proposals, summaries, breakdowns or scope
of work documents.
Ways to obtain and write project brief
The length of a project brief depends on the scope and scale of your project. The
more complex the project is, the longer the brief will be. Let it come
together naturally by including information as you need it. Don’t stress about the format or following
a certain template; a project brief can and should change depending on the purpose.
1. Company Profile: Who is your client?
Before getting into the project, you should clarify who this project is being made for. In other
words, who is your client? Be clear and state these essentials:
• What is the client’s trade name?
• What does their product/service centre on?
• What are the main features of their product?
• What are the mission and vision of the business?
• Who are the competitors?
2. Description of the project
Give an outline of the project by defining the what and the why.
• Describe what this project is about. Are you redesigning a website? Building
a new product? Carrying out a research project?
• What are some of the basic details and requirements the client mentioned?
• Find out why your client is taking on this project. Understanding what motivated them to
get the ball rolling will help you identify potential roadblocks in the project.
3. Project Objectives: Are they SMART?
It’s not easy to set well-defined objectives in the early stages of a project. But if
you manage to do this effectively, it will have a significant positive impact on your
team’s efficiency. Here’s how you can define your project’s objectives:
• Specific: Who? What? Where? Why? When?
• Measurable: What are the metrics? Any numbers or rates to reach?
• Achievable: Do you have the resources and skills to reach the objective you’re setting?
• Realistic: Does it match your organisation’s overall goals?
• Timely: When will you finalise this project?
4. Who are the audience or users?
If you want to reach your objectives and complete each milestone efficiently, you may have
to create personalised projects and be familiar with the target audience. Before putting too
much effort into the bulk of the project, you’ll need to learn who your client’s target
audience is. What is their demographic? What are their interests and objectives? In many cases,
clients will provide you with insights on their customers.
5. Schedule & Budget: When and how much?
One of the most important parts of organising a project is identifying the final due date
and planning your team’s efforts to reach specified milestones along the way. You should
also set out the budget of the project in detail to avoid any last-minute costs.
• What is the expected date (set by the client) for this project to be finalised?
• How do you plan to manage the internal organisation? Your team members have to
be aware of the project timeline so they can meet the due dates for their part of
the project.
• What is the overall budget for this project?
• Are there certain aspects of the project this budget has been set aside for?
Clearly outline how this budget will be spent on the project.
6. Project Scope: What is (not) included?
Each project needs a well-defined scope in order to be successful. Defining what is in scope for
the project should outline the project deliverables, features, tasks, objectives, budget and due
dates. On the other hand, you should also identify tasks, jobs or processes that are out of
scope, or not relevant to your team’s work on the project.
In Scope
• What tasks/jobs/objectives are in scope? Explain in detail.
• Are there internal and external deliverables that are expected from the team or the client?
• Is there an important event date or iterative implementation dates that need to be met?
Out of Scope
• What deliverables or tasks are not included in the project? If your client says they will
provide all creative assets for a web design project, this task would be out of scope for your
team’s work on the project.
• What are some ideas or practices that are out of scope?
7. Measures of success: how will you define success?
When your team has finished all the tasks and the project is finalised, you’ll want to
know whether the time and effort you put into the project paid off. Each project should
have success measures to evaluate the success of the project and identify processes that can
be improved in future projects. Here are some questions to ask while defining “what
makes your project successful”:
• Did you meet the client’s expectations? What feedback did your team receive?
• Did you meet the due dates and project milestones? Where do you see room for improving
efficiency in your team’s process?
• Did you go over the budget? Or did you have money left over that could have
been spent to improve the functionality or resources used in the project?
• Most importantly, did you reach the objectives you set?
The key elements of design briefs
A sample brief can come in a variety of sizes and shapes depending on the type of project. But
there are common elements of any successful design brief. Here’s all you need to
know about it.
1. The summary of the company
This section should contain an overview of the client’s business. It will help the
working team to understand the client and the brand.
All the details should be mentioned here, including the name, product lines, industry features, etc.
The brand mission and the list of competitors may also be included.
2. Project overview
This section should include the project description with all the possible details and a view
of the scope and scale of the project. You should clarify whether your client is building
something new or updating something that already exists.
3. Objectives/goals
A project purpose should be a clear and measurable statement of
the business results the project is supposed to achieve. It should highlight the expectations of what
you hope to achieve.
The project may never be executed if there are no clear goals and objectives.
4. Target audience
In many cases, it’s extremely important to develop a solid understanding of the customers who will
be interacting with the product. You may be given important research about the
customer’s target audience. But sometimes you’ll have to do your own research.
Project scope
Project scope is the part of project planning that involves determining and documenting a list
of specific project objectives, deliverables, tasks, costs and due dates. The documentation
of a project’s scope, which is called a scope statement or terms of reference, explains the
boundaries of the project, establishes responsibilities for each team member and sets up procedures
for how completed work will be verified and approved.
The scope is essentially all the work that needs to be done in order to achieve a project’s goals.
In other words, the scope involves the process of identifying and documenting specific project
objectives, outcomes, milestones, tasks, costs, and timeline dates specific to the project objectives.
Ways to obtain and define project scope
1. Identify the project needs
Once you are clearly able to identify the needs of a project, you’re more likely to set a sound
benchmark from the beginning.
Understanding the ‘what and why’ of a project will enable you to
set specific goals and objectives. It also sets the groundwork for what tasks are to follow and
how they are to be performed.
2. Confirm the objectives and goals of the Project
The basis of the project scope should involve your goals and objectives following a SMART
guideline. That is, they should be Specific, Measurable and Achievable. They should
also be Realistic and completed within a specific Timeframe.
• Specific: This involves stating precisely what the project needs to achieve. That is, what,
why and how these will be done. Clarity will reduce the chances of ambiguities and
misunderstandings.
• Measurable: Are your goals and objectives able to provide feedback and
be accounted for?
• Achievable: Can your project’s goals and objectives be achieved, given
the resources on hand?
• Realistic: Are the goals and objectives easy to deliver, especially if you face
problems or complications? Will these reduce the overall quality of the
project’s outcome and cause running over budget and not meeting the set deadlines?
• Timeframe: Can your project goals and objectives be
met within the allocated timeframe? Is it a key criterion to meet these deadlines?
3. Project Scope description
You, as a leader, need to be clear about the features and functioning required for your product or service.
For example, you are building a website. You need a list that sets out how you will build your site, the type of branding required and so on. In other words, what certain qualities will increase the chance of achieving your project's success.
4. Expectations and acceptance
Successful projects are ones that take into account the satisfaction of the end-user: whether they meet the end-user's expectations and whether the end-user accepts the product, service or process. The end-users can be your customers or your internal team.
For customers, this includes pricing, value and quality of products/services as well as availability, delivery and return policies. For employees, this includes the effectiveness and efficiency of new operational processes. Ultimately, your project scope should be aligned with delivering better outcomes for whoever your end users may be.
5. Identify constraints
There are always roadblocks to achieving what you set out to do. Being aware of possible limitations along the way can help you minimise problems that may delay or constrain your ability to achieve your project's outcome.
These can be caused by dynamic environmental conditions (internal and external), technological glitches and/or lack of resources. Communicating such problems to your team early on and taking steps to overcome these hurdles will reduce delays in project completion and keep spending within budget. Whether these are based on assumptions or uncertainty, analysing their impact throughout the project's timeline further reduces the risk of failure.
6. Identify necessary changes
It is always best to avoid reworking the scope of your project, as it means investing more time, money and resources.
However, at times these changes are unavoidable and necessary. Limit changes by taking on the perspectives of customers, stakeholders and employees involved in the project. This minimises disagreements later on.
Project site
Project site means the construction site where a public works project involving construction services is being constructed, installed, or otherwise improved or reclaimed, as indicated on the project plans and specifications.
Project sites are used to capture tasks and assign them to people in your organisation, store and manage project-related documentation, and track project team events on a common calendar.
Project site also means that part of the site, as shown in the Special Conditions of Contract, on, under and over which the Permanent Works are to be executed, any site to which any Contractor's Equipment, Materials and Temporary Works are to be delivered, and any other places as may be specified in the Contract as forming part of the project Site.
Project site access and requirements
In telecommunications, site access is needed to install facilities such as mobile towers. The rules you must follow for site access are:
Telco rights to enter the property
Telcos install and maintain network facilities to give Australians phone and internet services.
Some Telcos have special rights to access properties and install network facilities.
When a telco can enter the property
The law gives telcos some special rights to access properties when they need to work on network facilities. This includes work on:
• Low-impact facilities
• Temporary facilities for a defence organisation
• Facilities where we give them a special permit to work
Work on a low-impact facility
The Telecommunications (Low-impact Facilities) Determination 2018 lists low-impact facilities. They are mostly phone and internet network structures that blend with their surroundings.
Low-impact facilities include:
• Small radio antennas or dishes
• Underground and above-ground structures that protect equipment
• Underground cables
• Public payphones
• Equipment in buildings to help subscribers connect to the internet
• Equipment on structures that already exist such as buildings, poles or towers
What licensed Telcos can do
Licensed telcos have the right to go onto your property to maintain a network facility. These rules are in the Telecommunications Code of Practice 2018.
If other telcos or phone and internet service providers want access to your property, they will need to get you to agree.
Telcos don't need to get a local council or state or territory government to approve their plans to work on your property.
[Figure: the power to establish a facility; low-impact facilities; design, install and operate facilities; access transmitter towers and underground facilities]
Telcos require government approval to install:
• A facility that is not a low-impact facility, such as a free-standing mobile phone pole or tower
• A facility in an area of environmental significance
Notify property owners
Generally, before they go onto your property, telcos must notify you and anyone who owns the property.
They must write to you at least ten business days before they do anything. They must tell you:
• The dates they will access your property
• What they are going to do
• That they must compensate you if they cause damage or you suffer financial loss
• How to object if you want to
Sometimes a telco only needs to notify you within two days of the date they need access, for example, when they only need to inspect the property.
There are also times when a telco does not need to notify you, for example, when:
• They need emergency access for the health and safety of people, the environment or the property
• They need access to maintain an adequate level of service
Other ways to notify clients
You can ask a telco to use other ways to notify you, such as by:
• Email
• In person
• Telephone
You must first write to the telco to ask them to change the way they notify you.
While on your property
While they are on your property, telcos must take all reasonable steps to:
• Do as little damage as is practicable
• Restore the property as near as possible to its original condition
• Restore your property within ten days after finishing their work, unless you or the occupier of the property agree to a different timeframe
• Use good engineering practice
• Protect people and property
• Protect the environment
• Follow state, territory or local government rules for noise
They must also take reasonable steps not to interfere with:
• Traffic
• Water service
• Gas service
• Electrical service
• Sewerage service
• Public streets and routes
• Land use
In their work on a facility, they must follow good practice in the steps they take to:
• Design
• Plan
• Locate
• Install
These rules are in the Telecommunications Code of Practice 2018.
Obligations of carriers
There are limits on what carriers can do under the Telecommunications Act 1997. These give landowners and occupiers the right to:
• Notification: Carriers must give ten days' written notice before they begin any work, other than in emergencies or if the owner or occupier has already waived the right to be notified. There are alternative arrangements if the carrier cannot find the landowner.
• Objection: The owner or occupier can object to the carrier, but it must be at least five business days before the carrier plans to begin work. The matter can then be resolved with the carrier, or through the Telecommunications Industry Ombudsman. Parties can also resolve the matter through the courts.
Obligations on landholders and occupiers
• Carriers own any infrastructure they install, including cables.
• Property owners have specific responsibilities and a duty of care to carriers under common law. If a carrier can demonstrate that a property owner had knowingly or negligently caused damage to a cable, the carrier may be able to seek damages from the property owner in a court of law.
Criminal offences may also apply for intentional damage to a carrier's property.
Legislation compliance
The Telecommunications Act 1997 is the key legislation which regulates, among other things, telecommunications carriers in Australia.
It is supported by a range of other legislation, instruments and codes including the Telecommunications (Consumer Protection and Service Standards) Act 1999, which provides for the establishment of the universal service obligation concerning standard telephone services in Australia, the ability of the Australian Communications and Media Authority (ACMA) to set performance standards and obligations on carriers, and the requirement for carriage service providers to enter the Telecommunications Industry Ombudsman scheme.
Specific NBN Co Laws, Regulations and Policies
The regulatory framework for the NBN was established through the National Broadband Network
Companies Act 2011 and the Telecommunications Legislation Amendment (National Broadband
Network Measures -Access Arrangements) Act 2011 which added to the existing generic
telecommunications regulatory framework. In addition:
• Non-discrimination obligations: The Australian Competition and Consumer Commission (ACCC) must publish guidance on NBN Co's non-discrimination obligations.
ACCC explanatory material on the Part XIC non-discrimination provisions: Under the legislation, NBN Co can choose to publish a standard form of access agreement and give a special access undertaking to the ACCC about its terms and conditions for the supply of wholesale services.
• Authorised conduct: The NBN Access Act introduced Division 16 into Part XIB of the Competition and Consumer Act, which authorises, for the purposes of the Act, certain conduct by NBN Co that is reasonably necessary for it to achieve uniform national wholesale pricing. This conduct relates to refusal to interconnect other than at listed points of interconnection, the bundling of services and cross-subsidising in charging for services. However, current Government policy on the issue of uniform pricing may result in differential charging between urban, regional and remote locations.
• Parts 7 and 8 of the Telecommunications Act: The NBN Access Act also introduced Parts 7 and 8 into the Telecommunications Act. These new Parts apply to fixed line local access networks, or parts of such networks, that are built, upgraded, altered or extended after 1 January 2011 so that they are capable of providing a carriage service where the download transmission speed is normally more than 25 megabits per second to residential or small business customers.
Impacts of legislation on the project
Costs and profits
• supply training and safety equipment
• test products to ensure that they meet minimum safety standards
• pay staff higher wages
• provide product warranties
• employ additional staff to cover the hours required
• make financial contributions to employee pensions
• quality assurance procedures
Marketing and sales
There are several advantages and disadvantages of legislation to marketing and sales:
• ensures a sharp brand image
• less risk of impersonation by other brands and products
• fewer returns
• less chance of being sued by customers
• higher sales
Issues for marketing and sales caused by the law include:
• the branding and IP must be original
• any problems with products could adversely affect sales
• conforming to all laws can be costly, increasing the importance of generating more sales
Production
Advantages of legislation in production include:
• having high-quality products may lead to more sales
• customers may have more confidence in the products
• employees may have higher productivity if they have the right working conditions
Disadvantages of legislation in production include:
• all products and services must be manufactured to satisfactory levels
• using high-quality materials is more expensive
• productivity may be reduced by conforming to the working time requirements
Human Resource act
There are several advantages and disadvantages of legislation on human resources.
Advantages of legislation include:
• lower staff turnover, reducing recruitment costs
• happier employees, meaning better productivity
• a lower level of complaints
Disadvantages of legislation include:
• it can be expensive to ensure that all legal requirements are adhered to
• any mistakes can lead to costly legal action
• employers must be very flexible with employees
Codes of practice compliance
A code of practice is a practical guide on how to comply with the legal duties under the Work Health and Safety (WHS) Act and Regulations.
The WHS Act provides for the approval, variation and revocation of codes of practice by the relevant Minister. The Act also outlines how codes of practice can be used in court proceedings.
Codes of practice have a special status because an approved code is automatically admissible as evidence in court proceedings under the WHS Act and Regulations. Courts may have regard to a code as evidence of what is known about a hazard, risk or control and may rely on the code in determining what is reasonably practicable in the circumstances to which the code relates.
The Inter-Governmental Agreement for Regulatory and Operational Reform in Occupational Health and Safety (IGA) gives Safe Work Australia responsibility for developing model codes of practice to support the harmonised WHS laws. A model code of practice developed by Safe Work Australia will only have evidentiary status under a jurisdiction's WHS laws once it is approved by the Minister responsible for work health and safety legislation in that jurisdiction.
Codes of practice:
• deal with a duty or obligation under the WHS Act or Regulations
• include known information about particular hazards, risks and control measures
• help in determining what is reasonably practicable in the circumstances, and
• can be supplemented with other types of guidance material.
What are the procedures to develop the codes of practice?
Developing a code of practice is a formal process which needs:
• consultation with governments, unions, employer organisations and the public
• consideration of regulatory impact
• approval by the Select Council of Workplace Relations (SCWR), and
• approval as a code by the relevant Minister
Standards and regulations compliance
Regulation
A regulation is a requirement for your project. You must follow the rules.
Regulations include applicable laws.
For example, there is a range of regulations that can influence the way you approach your project
and what you can and cannot do. Here are some areas affected by regulations:
• Breaks for workers and time away from their job, e.g. for lorry drivers
• Overtime hours
• Maternity, paternity, family, sickness and medical leave
• Health and safety
• Data protection
• Reporting, e.g. for accidents or spillage of controlled substances.
Laws vary between countries, so check what applies to where you are based. Also note that in
multinational projects, the laws and regulations might differ for people on your teams in different
locations.
Standards
A standard is a guideline. Your project should follow standards because they are there for a reason, but if you can justify why you need to approach something differently, then you don't have to follow the standard.
For example, it might be the standard that no one in your office works on a bank (public) holiday.
Let’s say it is normal for the office to close over the end of year period when many colleagues are
celebrating Christmas. However, your project is to upgrade the telephony switches. Knowing that
the call volumes will be low, and no one will be around to answer calls anyway, you might decide
that the Christmas period is the perfect time to do that project work. It’s not standard, but it’s the
most appropriate solution for your project and least disruptive for the business.
Not all standards or regulations are going to affect every project. It’s essential to have a view as to
what is necessary for this project. It is something I would consider and resolve as part of project
initiation so that I can go into project planning with all the information needed.
Impacts on project based on standards and regulations
By affecting project scheduling
Any time legal compliance is required, you can bet you need to add extra time to the schedule to
have the legal team check out what you are doing and ensure the project is ticking all the boxes.
Build in enough time for regulation-related checks and work. Equally, with resource-related regulations, you may have to constrain working time, which will affect the schedule. For example, you may not be able to use overtime hours, or you might have to factor in travel time to your plan if your resources aren't permitted to go over a certain amount of travel before taking a break.
Some of these constraints could be legislation affecting workers; others might be the way your
company operates (or as PMI would define them, enterprise environmental factors). An example
would be dictating that the standard working week is 40 hours. You would take that data and ensure
your schedule reflects a 40-hour standard working week.
By affecting project quality
If you must follow regulations or stick to standards, this could affect project quality. You might have to do additional quality checks or use particular materials. An example would be building control. In the UK, you need building control to sign off on construction work. You can't just carry on building or assume everything will be OK without having someone come around and inspect the site. That's an external quality check you must consider and plan.
By affecting project budgets
If your project needs a building control check, you must pay for that. The building controller will
charge you for his or her time. That cost needs to go into your project budget forecast. Depending
on what regulations and standards you must abide by, your project costs will need to accommodate
the related charges.
Once you understand the standards and regulations that affect your project, and how they are likely to affect the project, you can plan for them. Some might need mitigating and adding to the risk register. Others will be easy to manage, perhaps by adding a little extra time or an additional task to the schedule.
Do a bit of research at the start of your project and then incorporate what you need to so that your
project, and your organisation, stay compliant with the relevant regulations and standards.
Workplace Health and safety (WHS)
Work health and safety (WHS), sometimes called occupational health and safety (OH&S), involves the management of risks to the health and safety of everyone in your workplace. This includes the health and safety of anyone who does work for you as well as your customers, visitors and suppliers.
It may initially cost money and time to implement safe practices and install safety equipment, but it is critical to the success of your business. Not taking action could also result in prosecution, fines and loss of your skilled staff.
Workers' compensation laws also require you to have a workers' compensation insurance policy for your employees.
Benefits of WHS in your business
Creating a safe work environment is a legal requirement. It is also critical to the long-term success of your business, and can:
• Help to maintain the health of staff
• Help to improve work efficiency
• Reduce hazards in the workplace
• Lower the cost of injury and staff compensation
What you must do
You must put health and safety practices in place as soon as you start your business. Under Australian WHS laws your business must ensure the health and safety of your workers and not put the health and safety of other people at risk. To do this you must:
• provide a safe work environment
• provide and maintain safe machinery and structures
• provide safe ways of working
• ensure safe use, handling and storage of machinery, structures and substances
• provide and maintain adequate facilities
• provide any information, training, instruction or supervision needed for safety
• monitor the health of workers and the conditions at the workplace
What your workers must do
People working in your business have WHS obligations to themselves and others at work. They must:
• take care of their own health and safety
• take care not to do anything that could hurt others
• follow WHS instructions
• follow the workplace’s WHS policies and procedures.
WHS requirements in your state or territory
Each state has its own WHS laws and a regulator to enforce them. The WHS framework for each state includes the:
• Act: outlines your broad responsibilities.
• Regulations: set out specific requirements for particular hazards and risks, such as noise, machinery, and manual handling.
• Codes of practice: provide practical information on how you can meet the requirements in the Act and Regulations.
• Regulating agency (regulator): administers WHS laws, inspects workplaces, provides advice and enforces the laws. Check their website for WHS information and resources.
Work functions and WHS
Work functions are a great way to celebrate and thank your staff for their hard work. But remember that while your staff may be 'off the clock', you are likely still responsible for their health and safety. Here are some tips to help celebrate safely.
Before the event, make sure your internal policies and procedures are up to date, including those for acceptable behaviour, and bullying and harassment in the workplace.
You can send a friendly email to staff, reminding them:
• that while the party is a time to relax, it is still a work function
• that the normal rules still apply, including those around sexual harassment
• that they should take care if consuming alcohol.
At the event:
• any alcohol being served should be served legally and responsibly
• there should be enough food and non-alcoholic drinks available
• make arrangements for staff to get home safely afterwards, such as organising a bus, pre-ordering taxis or arranging designated drivers.
Project site security and public access onto project construction sites
Builders need to ensure that members of the public are not exposed to risk arising from the project construction site.
Unauthorised entry to project construction sites may expose a person to a number of hazards that, if not controlled, could result in the likelihood of fatalities or serious injuries. Where uncontrolled hazards are present on a site, there is a requirement that exposure to those hazards be addressed.
When a risk assessment identifies the need to isolate particular site hazards and the only way of achieving this is with perimeter fencing, the installation of a fence, either permanent or temporary, which is maintained until the work activity on the site no longer presents a risk to unauthorised entrants, will assist the builder in meeting their duty of care obligation. An unauthorised person is more likely to comply with a physical barrier such as a fence than a warning sign.
When is fencing needed around a construction site?
Unauthorised visitors (including children) may not be deterred by warning signs, have no awareness of the dangers which may be present on a residential building site and have no idea of the risks that they may be exposed to once they have entered a site.
These risks can include serious injury from falls from partly constructed houses and scaffolding, electric shock from "live" cables, drowning in open excavations, suffocation or crushing from collapsing material, coming into contact with hazardous substances, protruding objects, falling onto protruding reinforcement bars etc.
Ideally, all hazards and risks should be eliminated on the site, but this is not always achievable.
Fencing can be an effective way of restricting unauthorised entry to a housing construction site when hazards are present.
The builder should particularly consider installing a fence around a housing construction site when it is:
• in the vicinity of a school or on a route travelled by children to and from school
• close to parks or recreational areas
• in a built-up area.
Who is responsible for installing fencing around project construction site?
The builder is responsible for the health and safety of any person who may be affected by the building work on the site and is therefore responsible for the erection of fencing where required.
What type of fence is needed?
The perimeter fence must be adequate for its purpose, and the following characteristics should be considered when determining the fence construction:
• be of a suitable height to deter entry, for example 1.8 metres high
• be constructed from dedicated materials
• be difficult to climb
• be difficult to gain access underneath
• be stable and able to withstand anticipated loads; and
• gates and joints in the fence should be secure and not present a weak point for entry.
1.2 Interrogate system monitoring alerts and alarms and identify areas
of route and circuit unavailability
Network Alarm
Network Alarm Monitoring Systems are devices that are mostly centrally located. They monitor
equipment at your sites for notable events, otherwise referred to as "alarms". An alarm may range from something as simple as an unlocked door to a warning that your equipment is failing and you are close to a massive network outage.
What Are “Alarms” And How Can They Give You Better Visibility of Your Network?
The Net Guardian RTU collects alarms and sends notifications for its discrete alarms, analog
threshold alarms, and ping targets. It can also communicate with multiple master stations.
Equipment at your sites should operate without you watching it 24/7. As events occur that might
require your attention, your equipment will let you know by reporting an alarm. You can connect a
remote telemetry unit (RTU) to the equipment at your site to report alarms.
Regardless of the device chosen or monitoring plans, the effect is the same: the network equipment
sends an alarm whenever something goes wrong.
Alarms start with equipment alarms, self-reported by each piece of your equipment. If your
generator runs, it latches a relay to tell you that it is running. If it is running low on fuel, your
generator might also have a relay to tell you that. If your microwave link cannot transmit effectively
because noise levels get too high, it can report that with a contact closure latch.
The alarm types you can monitor are virtually infinite. And because they are reported in a standard
way (a simple dry contact closure is the most common), you can capture all of them using a typical
alarm remote with discrete inputs.
How an Alarm Monitoring System Helps You Manage Your Alert Networking.
As your network grows, both geographically and in the number of elements, you may struggle to
track all the data coming in; potentially wasting time and energy trying to determine the severity
and location of every individual source.
T/Mon (Online service provider company) can receive SNMP (Simple Network Management Protocol) traps and poll legacy/proprietary devices. This will bring all your network monitoring onto one platform. It can even forward SNMP traps to a higher-level master.
Ideally, your alarm monitoring system should:
• Collect all incoming alarms.
• Organise incoming alarms.
• Send intelligible notifications for alarms to technicians.
• Provide a simple interface for a network manager to execute controls and otherwise
monitor the network.
Your alarm monitoring system will not be very helpful if it leaves blind spots in your network. It must
be able to collect all your network alarms. Therefore, it must be able to communicate using all the
protocols used in your network and be flexible enough to support new protocols.
An alarm monitoring system like T/Mon supports a wide variety of network protocols. It even
includes legacy and proprietary protocols. This makes it quite adaptable to your network needs.
If you want to consolidate monitoring to a single platform, you can employ a device like T/Mon. It
will act as a regional or mid-level manager to mediate multiple protocols to SNMP or TL1. This single
stream will be sent to a higher-level master station.
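The collect, organise and notify steps listed above, applied to the three point types the RTU reports (discrete alarms, analog threshold alarms and ping targets). This is an added example, not vendor code: the site names, readings, thresholds, addresses and severity labels are assumptions constructed for illustration.

```python
from dataclasses import dataclass

SEVERITY_RANK = {"CRITICAL": 0, "MAJOR": 1, "MINOR": 2}  # lower rank = more urgent


@dataclass(frozen=True)
class Alarm:
    site: str
    point: str
    severity: str
    detail: str


def eval_discrete(site, point, contact_closed, severity="MAJOR"):
    """Dry-contact input: a closed contact means the equipment latched its alarm relay."""
    if contact_closed:
        return Alarm(site, point, severity, "contact closed")
    return None


def eval_analog(site, point, value, unit, limits):
    """limits = (major_under, minor_under, minor_over, major_over) for this sensor."""
    major_under, minor_under, minor_over, major_over = limits
    if value <= major_under or value >= major_over:
        severity = "MAJOR"
    elif value <= minor_under or value >= minor_over:
        severity = "MINOR"
    else:
        return None  # reading is inside the normal band
    side = "under" if value <= minor_under else "over"
    return Alarm(site, point, severity, f"{value}{unit} is {side} threshold")


def eval_ping(site, target, replies, max_misses=3):
    """replies is oldest-first; alarm only after max_misses consecutive lost pings."""
    misses = 0
    for answered in reversed(replies):
        if answered:
            break
        misses += 1
    if misses >= max_misses:
        return Alarm(site, f"ping {target}", "CRITICAL", f"{misses} consecutive pings lost")
    return None


def organise(alarms):
    """Drop clear points, keep the worst alarm per (site, point), most urgent first."""
    worst = {}
    for alarm in alarms:
        if alarm is None:
            continue
        key = (alarm.site, alarm.point)
        held = worst.get(key)
        if held is None or SEVERITY_RANK[alarm.severity] < SEVERITY_RANK[held.severity]:
            worst[key] = alarm
    return sorted(worst.values(),
                  key=lambda a: (SEVERITY_RANK[a.severity], a.site, a.point))


def notifications(alarms):
    """One readable line per alarm for the technician on call."""
    return [f"[{a.severity}] {a.site}: {a.point} - {a.detail}" for a in alarms]


def sample_poll():
    """Constructed readings from two hypothetical sites."""
    battery_limits = (44.0, 47.0, 56.0, 58.0)   # volts, assumed
    temperature_limits = (0.0, 5.0, 35.0, 45.0)  # degrees C, assumed
    return [
        eval_discrete("SITE-A", "door", True, severity="MINOR"),
        eval_discrete("SITE-A", "generator running", False),
        eval_discrete("SITE-B", "generator low fuel", True),
        eval_analog("SITE-A", "battery", 46.5, "V", battery_limits),
        eval_analog("SITE-B", "temperature", 24.0, "C", temperature_limits),
        eval_ping("SITE-B", "192.0.2.10", [True, True, False, False, False]),
        eval_ping("SITE-A", "192.0.2.20", [False, False, True]),
        eval_discrete("SITE-B", "generator low fuel", True),  # repeated report
    ]


if __name__ == "__main__":
    for line in notifications(organise(sample_poll())):
        print(line)
```

Requiring several consecutive lost pings before raising the alarm keeps a single dropped packet from paging a technician, and the per-point de-duplication stops a relay that reports repeatedly from flooding the list.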
Types of Routes
Routing is a process performed by layer 3 (network layer) devices in order to deliver a packet by choosing an optimal path from one network to another.
There are 3 types of routing:
1. Static routing
Static routing is a process in which we must manually add routes to the routing table.
Advantages –
• No routing overhead for router CPU which means a cheaper router can be used to do
routing.
• It adds security because only the administrator can allow routing to particular networks.
• No bandwidth usage between routers.
Disadvantages –
• For a large network, it is a hectic task for the administrator to manually add each route for the network in the routing table on each router.
• The administrator should have good knowledge of the topology. If a new administrator comes, then he must manually add each route, so he should have very good knowledge of the routes of the topology.
Configuration –
• R1 having IP address 172.16.10.6/30 on s0/0/1, 192.168.10.1/24 on fa0/0.
• R2 having IP address 172.16.10.2/30 on s0/0/0, 192.168.20.1/24 on fa0/0.
• R3 having IP address 172.16.10.5/30 on s0/1, 172.16.10.1/30 on s0/0, 10.10.10.1/24 on
fa0/0.
Now configuring static routes for router R3:
• R3(config)#ip route 192.168.10.0 255.255.255.0 172.16.10.6
• R3(config)#ip route 192.168.20.0 255.255.255.0 172.16.10.2
Here, each command provides the destination network (for example 192.168.10.0), its subnet mask and the next-hop address. R1's LAN is reached through R1's serial address 172.16.10.6, and R2's LAN through R2's serial address 172.16.10.2.
Now, configuring for R2:
• R2(config)#ip route 192.168.10.0 255.255.255.0 172.16.10.1
• R2(config)#ip route 10.10.10.0 255.255.255.0 172.16.10.1
• R2(config)#ip route 172.16.10.4 255.255.255.252 172.16.10.1
Similarly, for R1:
• R1(config)#ip route 192.168.20.0 255.255.255.0 172.16.10.5
• R1(config)#ip route 10.10.10.0 255.255.255.0 172.16.10.5
• R1(config)#ip route 172.16.10.0 255.255.255.252 172.16.10.5
2. Default Routing
This is the method where the router is configured to send all packets towards a single router (next hop). It does not matter to which network the packet belongs; it is forwarded out to the router which is configured for default routing. It is generally used with stub routers. A stub router is a router which has only one route to reach all other networks.
Configuration –
We use the same topology as for static routing above.
In this topology, R1 and R2 are stub routers so we can configure default routing for both these
routers.
Configuring default routing for R1:
• R1(config)#ip route 0.0.0.0 0.0.0.0 172.16.10.5
Now configuring default routing for R2:
• R2(config)#ip route 0.0.0.0 0.0.0.0 172.16.10.1
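The following Python script is an added example, not part of the original guide. It audits static and default routes against the interface addressing of the R1/R2/R3 topology above, first entry by entry and then by tracing a packet hop by hop with longest-prefix matching. The route lists (including the set with swapped next hops) and all function names are constructed for the example.

```python
import ipaddress

# Interface addressing from the topology described above.
INTERFACES = {
    "R1": ["172.16.10.6/30", "192.168.10.1/24"],
    "R2": ["172.16.10.2/30", "192.168.20.1/24"],
    "R3": ["172.16.10.5/30", "172.16.10.1/30", "10.10.10.1/24"],
}

# Constructed candidate configurations as (destination, mask, next hop):
# default routes on the stub routers and two static-route sets for R3.
STUB_DEFAULTS = {
    "R1": [("0.0.0.0", "0.0.0.0", "172.16.10.5")],
    "R2": [("0.0.0.0", "0.0.0.0", "172.16.10.1")],
}
R3_CORRECT = [("192.168.10.0", "255.255.255.0", "172.16.10.6"),
              ("192.168.20.0", "255.255.255.0", "172.16.10.2")]
R3_SWAPPED = [("192.168.10.0", "255.255.255.0", "172.16.10.2"),
              ("192.168.20.0", "255.255.255.0", "172.16.10.6")]


def connected(router):
    """Directly connected networks of a router."""
    return [ipaddress.ip_interface(a).network for a in INTERFACES[router]]


def owner_of(address):
    """Router that owns an interface address, or None if nobody does."""
    for router, addrs in INTERFACES.items():
        if any(ipaddress.ip_interface(a).ip == address for a in addrs):
            return router
    return None


def check_route(router, dest, mask, next_hop):
    """Per-entry sanity checks for one 'ip route'; returns a list of problems."""
    try:
        net = ipaddress.ip_network(f"{dest}/{mask}")  # rejects set host bits
    except ValueError:
        return [f"{dest} {mask}: address and mask are inconsistent"]
    hop = ipaddress.ip_address(next_hop)
    problems = []
    if net in connected(router):
        problems.append(f"{net} is already directly connected")
    if owner_of(hop) == router:
        problems.append(f"next hop {hop} is the router's own address")
    elif not any(hop in c for c in connected(router)):
        problems.append(f"next hop {hop} is not on a connected subnet")
    return problems


def build_tables(static_routes):
    """Routing table per router: connected networks plus static entries."""
    tables = {}
    for router in INTERFACES:
        table = [(net, None) for net in connected(router)]
        for dest, mask, hop in static_routes.get(router, []):
            table.append((ipaddress.ip_network(f"{dest}/{mask}"),
                          ipaddress.ip_address(hop)))
        tables[router] = table
    return tables


def trace(tables, start, destination):
    """Follow longest-prefix-match forwarding hop by hop from 'start'."""
    dst = ipaddress.ip_address(destination)
    path, router = [start], start
    while True:
        matches = [(net, hop) for net, hop in tables[router] if dst in net]
        if not matches:
            return path, "no route"
        net, hop = max(matches, key=lambda m: m[0].prefixlen)
        if hop is None:
            return path, "delivered"          # destination is connected
        router = owner_of(hop)
        if router is None:
            return path, "unknown next hop"
        if router in path:
            return path + [router], "loop"    # would bounce until TTL expires
        path.append(router)


if __name__ == "__main__":
    for name, r3 in (("correct", R3_CORRECT), ("swapped", R3_SWAPPED)):
        tables = build_tables({**STUB_DEFAULTS, "R3": r3})
        for entry in r3:
            print(name, entry, check_route("R3", *entry) or "entry looks valid")
        print(name, trace(tables, "R1", "192.168.20.10"))
    # Constructed entry whose network address does not match its mask.
    print(check_route("R2", "172.16.10.4", "255.255.255.0", "172.16.10.1"))
```

The swapped next hops pass every per-entry check because both addresses sit on subnets connected to R3; only the hop-by-hop trace shows that the packet is sent back to R1 and loops.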
3. Dynamic Routing
Dynamic routing automatically adjusts the routes in the routing table according to the current state
of the network. Dynamic routing uses protocols to discover network destinations and the routes to
reach them. RIP and OSPF are the best examples of dynamic routing protocols. If one route goes
down, an automatic adjustment is made to reach the network destination.
A dynamic protocol has the following features:
1. The routers should have the same dynamic protocol running to exchange routes.
2. When a router finds a change in the topology, it advertises the change to all other routers.
Advantages
• Easy to configure.
• More effective at selecting the best route to a destination remote network and for
discovering remote network.
Disadvantage
• Consumes more bandwidth for communicating with other neighbours.
• Less secure than static routing.
How to check your Network Connection
To test the speed and health of your Internet connection to Box, follow these steps to run a
Connection Diagnostics test from within your Box account:
• Open the Account menu by clicking your profile image (or initials) in the upper-right corner.
Click Account Settings.
• Select the “Diagnostics” tab
• Under the “Connection Diagnostics” section, click the “Run Test” button
• This will run a multi-step connection test to see if your connection is at an optimum level.
When the test completes, you will see a short summary of test results.
If the connection diagnostics did not complete, then check your firewall/proxy settings to make sure
Box domains are allowed.
In addition, please follow the steps below to compare speeds to servers near to Box:
• Go to http://softlayer-sj.speedtest.net/ and notice there are two buttons. Please be sure to
click the right-hand “Begin Test” Your Preferred Server button.
• When the test completes, you will be shown a report of your Ping, Download speed, and
Upload speed in megabits per second (Mbps).
• Click the “SHARE THIS RESULT” button.
• Click the “COPY” button and save the link
• Perform a second test at https://www.sonic.com/speedtest and click the Begin Test button.
• When the test completes click the “SHARE THIS RESULT” button.
• If you end up creating a case with Box Support, you can send us these results to help us
identify the issue.
• After running the connection diagnostic tests, follow the next section below to verify your
computer can reach all the Box servers.
Testing Connectivity to Box Domains
You can test if your browser is able to connect to various Box domains by going to our Connectivity
Tests page.
How to check internet connection:
The first thing you should try with your internet connection is the same thing your ISP will tell you if
you call them. Unplug your cable or DSL modem, whichever you have, wait for a minute, and then plug
it back in. Give it another minute and then see if your internet is back on.
Then, grit your teeth and call your ISP. This is usually a pointless exercise, but every now and again
you can get useful information. Maybe it is not just you but your whole neighbourhood that is having
problems because a back-hoe took out a cable. And, once in a blue moon, they will have a helpful
suggestion.
If worst comes to the worst, they will finally agree to send someone out to look at your setup. Who
knows, instead of one of your cables being disconnected, maybe one of their cables is busted.
Physical problems are often the root to network problems.
Let us say though that your internet is up and running, but it is being a little flaky. Here is what you
do.
First, let us see if you are getting the bandwidth you are paying for. The best site to check on your
current real speed is Speedtest. This site is run by Ookla, a network performance company. It gives
you your download speed, upload speed, and ping to the closest test server.
Ping is a network utility that measures the time in milliseconds between your computer and the test
server. The lower your ping, the better. If you are seeing a ping above 50ms, you’ve got a problem.
There are other performance test sites. One of the newest, Google Internet Speed, comes from a
partnership between Google and Measurement Lab (M-Lab). In addition to speed, this test measures
your network latency. Latency is a measure of how quickly you get a response from the server. Low
response times are important for real-time apps, like video calls and online gaming. This is measured
in ms. Latency is like ping, but it is a measure of the constant delays between your system and
servers.
With some kinds of internet connections, notably dial-up and satellite, you will always see poor ping
and latency performance. There is nothing you can do about this. These technologies simply are not
capable of performing well. In practical terms, that means, for example, online action gaming and
videoconferencing are almost impossible with either kind of internet connection.
Netflix, which has reason to believe ISPs deliberately slow down its shows, has its own speed test:
Fast. All this test does is tell you how fast your downloads are.
ISPs also have their own performance tests. These tests will show you getting the fastest possible
speeds. What a surprise!
You may notice that my results are from 60 to 70 Megabits per second (Mbps) down. That is pretty
good. In the real world, ISPs usually over-promise and under-deliver on bandwidth.
It is because cable internet’s bandwidth is shared between users on the same cable segment. Thus,
while I can see great speeds in the morning and afternoon, when the evening comes around and
everyone starts watching Netflix, my speed goes down. That is not a joke. Netflix currently uses 35.2
percent of all fixed internet traffic, and most of that is in prime time.
Even with a low ping and fast bandwidth, your connection may still not be that good. That is because
ping, latency, and bandwidth only tell part of the story. You may be losing packets or suffering from
jitter.
Jitter, or more precisely packet delay variation, is a measurement of the variation in the time it
takes for internet packets to arrive at your system. So, for example, if you ping a site once and it
takes 1ms to report back in and then the next ping packet takes 10ms to report in, you have a
horrible case of jitter. Sometimes jitter is so bad that packets are lost.
Packet loss is just what it sounds like. Your PC is sending out packets of information to websites
and they are not getting there, or vice-versa. Many things can cause jitter: interference,
overburdened network hardware, or a bad connection.
What this means for you is the more jitter you have, the less stable your connection is. With older
programs like email and ordinary web browsers you may never notice your internet is less than rock
stable, but with high jitter, video, VoIP, and games will once more start misbehaving.
You can check to see if you are having jitter by using the DSLReports Jitter test. This measures
jitter by pinging sites from around the world from your system. If you are seeing a lot of jitter,
your internet connection is most likely suffering from network congestion somewhere up the line.
The internet being what it is, you’ll usually see a little packet loss. Ideally, you want zero packet loss,
but for ordinary internet usage you can live with 1 or 2 percent loss. If you’re seeing jitter constantly,
bug your ISP.
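The following Python script is an added example, not part of the original guide. It parses ping output, detects lost replies from gaps in the sequence numbers, and computes jitter as the mean change between consecutive round-trip times, then applies the two thresholds quoted above (ping above 50ms, loss above 2 percent). The sample output and the target address 203.0.113.10 are constructed.

```python
import re

# Constructed ping output: icmp_seq 4 is missing, so one reply was lost.
SAMPLE = """\
64 bytes from 203.0.113.10: icmp_seq=1 ttl=56 time=12.0 ms
64 bytes from 203.0.113.10: icmp_seq=2 ttl=56 time=14.0 ms
64 bytes from 203.0.113.10: icmp_seq=3 ttl=56 time=11.0 ms
64 bytes from 203.0.113.10: icmp_seq=5 ttl=56 time=31.0 ms
64 bytes from 203.0.113.10: icmp_seq=6 ttl=56 time=13.0 ms
64 bytes from 203.0.113.10: icmp_seq=7 ttl=56 time=12.0 ms
64 bytes from 203.0.113.10: icmp_seq=8 ttl=56 time=15.0 ms
64 bytes from 203.0.113.10: icmp_seq=9 ttl=56 time=12.0 ms
64 bytes from 203.0.113.10: icmp_seq=10 ttl=56 time=14.0 ms
10 packets transmitted, 9 received, 10% packet loss, time 9013ms
"""

REPLY = re.compile(r"icmp_seq=(\d+) .*time=([\d.]+) ms")
SUMMARY = re.compile(r"(\d+) packets transmitted, (\d+) received")

MAX_PING_MS = 50.0   # the text treats a ping above 50ms as a problem
MAX_LOSS_PCT = 2.0   # the text treats 1 or 2 percent loss as tolerable


def analyse(output):
    """Return RTT, jitter and loss figures for one ping run."""
    replies = {}
    for seq, rtt in REPLY.findall(output):
        replies.setdefault(int(seq), float(rtt))   # ignore duplicate replies
    if not replies:
        raise ValueError("no ping replies found")
    seqs = sorted(replies)
    rtts = [replies[s] for s in seqs]

    # Prefer the sender's own count; otherwise infer it from the sequence
    # range (this undercounts if the first or last probes were lost).
    summary = SUMMARY.search(output)
    sent = int(summary.group(1)) if summary else seqs[-1] - seqs[0] + 1
    lost_seqs = sorted(set(range(seqs[0], seqs[-1] + 1)) - set(seqs))
    loss_pct = 100.0 * (sent - len(seqs)) / sent

    # Jitter: mean absolute change between consecutive received replies.
    deltas = [abs(b - a) for a, b in zip(rtts, rtts[1:])]
    jitter = sum(deltas) / len(deltas) if deltas else 0.0
    avg = sum(rtts) / len(rtts)

    findings = []
    if avg > MAX_PING_MS:
        findings.append(f"average ping {avg:.1f} ms exceeds {MAX_PING_MS} ms")
    if loss_pct > MAX_LOSS_PCT:
        findings.append(f"packet loss {loss_pct:.1f}% exceeds {MAX_LOSS_PCT}%")
    return {"avg_rtt_ms": avg, "max_rtt_ms": max(rtts), "jitter_ms": jitter,
            "loss_pct": loss_pct, "lost_seqs": lost_seqs, "findings": findings}


if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```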
If the packet loss or jitter seems to be coming from inside your network, there are other options.
Start with checking your connections yet again. Update your router firmware and try switching out
equipment on your network to see if you have noisy networking gear. Misbehaving network
equipment can seriously slow down any LAN.
Still having trouble? It is time to call in a network technician to find and fix your problem. Anyone
with a Network+ certification can help. If you know your way around a network, you can find the
trouble yourself with the use of advanced tools such as Wireshark, LogicMonitor, or Spiceworks
Network Monitor.
Good luck with getting your connection working right. It is often not easy, but almost any network
problem can be fixed with enough effort and expertise.
1.3 Assess planned and unplanned outages to determine network
unavailability and verify restoration times
Network and Service Outages
A service is the set of tasks performed by the network upon a request from the user such as a voice
call, Internet access, e-mail, and so forth. A service outage is the users’ inability to request a new
service or to continue to use an existing service because the service is either no longer available or it
is impaired. As discussed previously, availability of a network strongly depends on the frequency of
service outages and the recovery time for each outage. A network outage is the loss of network
resources, including routers, switches, and transport facilities, because of the following:
• Complete or partial failure of hardware and software components
• Power outages
• Scheduled maintenance such as software or hardware upgrades
• Operational errors such as configuration errors
• Acts of nature such as floods, tornadoes, and earthquakes
Planned and Unplanned Outages
Each network outage can be broadly categorised as either “unplanned” or “planned.” An unplanned
network outage occurs because of unforeseen failures of network elements. These failures include
faults internal to a router’s hardware/software components such as control-plane software crashes,
line cards, link transceivers, and the power supply or faults external to the router such as fibre cuts,
loss of power in a carrier facility, and so forth. A planned network outage occurs when a network
element such as a router is taken out of service because of scheduled events (for example, a software
upgrade).
Main Causes of Network Outages
What are the main causes of network outages? As it turns out, several culprits contribute to network
downtime. According to a one-year reliability study of IP core routers conducted in a regional
IP service provider network, router interface downtime averaged about 955 minutes per year, which
translates to an interface availability of only 0.998 [3]. As a reference point, a carrier-class router is
expected to have a downtime of only 5.2 minutes per year. The same study indicated the following
percentages of causes for total network downtime:
• 23 percent for router failure (software/hardware faults, denial-of-service attack)
• 32 percent for link failures (fibre cuts, network congestion)
• 36 percent for router maintenance (software and hardware upgrade, configuration errors)
• The remaining 9 percent for other miscellaneous reasons
According to another study, router software failures are the single biggest (25 percent) cause of all
router outages [4]. Moreover, within software-related outages, router control-plane failure is the
biggest (60 percent) cause of software failures. The following section provides a brief overview of
various node- and network-level fault-tolerance approaches that can help to improve network
availability.
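The following Python script is an added example, not part of the original guide. It turns an outage log into the figures discussed above: downtime per year (counting overlapping outages once), availability, mean time to restore for unplanned outages, and a check of restoration times against a target. The outage records and the 240-minute restoration target are assumptions made for the example.

```python
from datetime import datetime

MINUTES_PER_YEAR = 365 * 24 * 60        # 525,600
FMT = "%Y-%m-%d %H:%M"

# Constructed one-year outage log for one router interface:
# (kind, cause, service lost, service restored)
OUTAGES = [
    ("planned",   "software upgrade",      "2021-03-06 01:00", "2021-03-06 02:30"),
    ("unplanned", "control-plane crash",   "2021-03-06 02:10", "2021-03-06 02:50"),
    ("unplanned", "fibre cut",             "2021-08-02 15:00", "2021-08-02 21:20"),
    ("planned",   "line card replacement", "2021-11-20 00:30", "2021-11-20 01:15"),
]


def duration(start, end):
    """Length of one outage in minutes."""
    delta = datetime.strptime(end, FMT) - datetime.strptime(start, FMT)
    return delta.total_seconds() / 60


def downtime(outages, kind=None):
    """Total minutes of unavailability, counting overlapping outages once."""
    spans = sorted((datetime.strptime(s, FMT), datetime.strptime(e, FMT))
                   for k, _, s, e in outages if kind in (None, k))
    total, window_start, window_end = 0.0, None, None
    for start, end in spans:
        if window_end is not None and start <= window_end:
            window_end = max(window_end, end)      # overlaps: extend window
            continue
        if window_end is not None:
            total += (window_end - window_start).total_seconds() / 60
        window_start, window_end = start, end
    if window_end is not None:
        total += (window_end - window_start).total_seconds() / 60
    return total


def availability(downtime_minutes, period_minutes=MINUTES_PER_YEAR):
    """Fraction of the period during which the service was available."""
    return 1 - downtime_minutes / period_minutes


def allowed_downtime(target_availability, period_minutes=MINUTES_PER_YEAR):
    """Minutes of downtime permitted by an availability target."""
    return (1 - target_availability) * period_minutes


def mean_time_to_restore(outages):
    """Average restoration time of unplanned outages, in minutes."""
    times = [duration(s, e) for k, _, s, e in outages if k == "unplanned"]
    return sum(times) / len(times) if times else 0.0


def late_restorations(outages, target_minutes):
    """Unplanned outages whose restoration took longer than the target."""
    return [(cause, duration(s, e)) for k, cause, s, e in outages
            if k == "unplanned" and duration(s, e) > target_minutes]


if __name__ == "__main__":
    total = downtime(OUTAGES)
    print("downtime (min):", total, "availability:", round(availability(total), 5))
    print("planned:", downtime(OUTAGES, "planned"),
          "unplanned:", downtime(OUTAGES, "unplanned"))
    print("MTTR (min):", mean_time_to_restore(OUTAGES))
    print("late:", late_restorations(OUTAGES, target_minutes=240))  # assumed target
    # Figures quoted in the text: 955 min/year and the carrier-class budget.
    print(round(availability(955), 3), round(allowed_downtime(0.99999), 3))
```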
Design Strategies for Network Survivability
The reliability and availability of an IP/MPLS network can be examined from two interrelated
viewpoints: service and network views. The service view deals with satisfying customer expectations
such as availability of service and other service-level agreements (SLA). The network view deals with
reducing network equipment and operation costs. Because the main task of a network is to provide
user services, the reliability and availability requirements for the network are driven by the service
view. An effective network design seeks to satisfy service reliability and availability objectives at the
minimum network equipment (capex) and operational (opex) cost.
A packet-switched network consists of interconnected network elements, including routers,
switches, and transport links. Network availability depends on the reliability and availability of its
network elements. Fault tolerance of router hardware and software components is crucial to deliver
user services with negotiated SLAs. A carrier-class router is typically expected to satisfy requirements
such as the following:
• No single hardware fault should result in a loss or degradation of user traffic or a loss of
control-plane and management functions.
• System downtime should be less than 5.256 minutes per year.
• Line cards, switching fabric, and control processor cards should be redundant with capability
to monitor standby cards.
• The control-plane software/hardware module should not be a single point of failure, and the
service (forwarding plane) should not be disrupted due to failure of the control plane.
• The router should be capable of service recovery from link/node failures.
Mitigating Node-Level Unplanned Hardware-Related Outages
One of the most effective techniques for reducing unplanned hardware-related downtime in a
router is the use of redundant hardware components, including line cards, switching fabric, control
processor cards, and physical interfaces. Three types of redundancy schemes are commonly used for
this purpose:
• One-for-N (1:N)—There is one standby component for every N active components.
• One-for-one (1:1)—There is a standby component for each active component.
• One-plus-one (1+1)—This is like the one-for-one scheme except that in the case of one-plus-one,
traffic is transmitted simultaneously on both active and standby components. (Traffic is
generally ignored on the standby.) An example of one-plus-one redundancy is the 1+1
SONET/SDH APS scheme that avoids loss of data traffic caused by link failure.
Unplanned Software-Related Outages
It is apparent that reliability and stability of router hardware and software are crucial for building
reliable and available IP/MPLS (Multiprotocol Label Switching) networks. As discussed previously,
routers use redundant switching fabric, control processor cards, line cards, and interfaces to achieve
node-level hardware fault tolerance. Although most routers usually have adequate hardware-component
redundancy coverage, the control-plane software remains a weak link and a prime cause
of router failures.
The two most important constituents of the router software are IP and MPLS control-plane
protocols. The IP control-plane component consists of IP routing protocols such as OSPF (Open
Shortest Path First), IS-IS (Intermediate System to Intermediate System, a link-state routing
protocol), and BGP (Border Gateway Protocol), which exchange network topology information and thus
help build the IP forwarding state. The MPLS (Multiprotocol Label Switching) control-plane component
is composed of signalling protocols such as LDP (Label Distribution Protocol), RSVP-TE (Resource
Reservation Protocol – Traffic Engineering, an extension of the Resource Reservation Protocol for
traffic engineering that supports the reservation of resources across an IP network), and BGP.
Label-switching routers (LSR) use information provided by IP/MPLS control-plane components to
construct the MPLS forwarding state. The IP forwarding state is used to transfer IP packets from an
incoming port of the router to an outgoing port using a destination IP address. In contrast, the MPLS
forwarding state is used for moving packets from input to output ports based on label information.
IP and MPLS forwarding tables are collectively referred to as the forwarding plane. Because of the
time-critical nature of packet-forwarding operations, the forwarding-plane functions are typically
distributed on line cards to enhance forwarding performance. In contrast, control-plane tasks are
relatively less time critical and therefore often reside on the central control processor card. Because
control-plane protocols constitute router intelligence, the control processor serves as host to the
router’s brain. Because of the pivotal importance of the control-plane functions to the router
operation, a control processor is normally protected against failure through 1:1 (active and standby)
redundancy.
The existing control-plane software restart and switchover behaviour in routers is disruptive and
therefore undesirable. When a router detects a software/hardware failure in the active control
processor, it switches over to the standby and, in this process, not only restarts its control software
but also resets the forwarding plane in the line cards. The result is disruption of data forwarding
and an accompanying service outage. Consider, for example, the restart of an IP
control-plane protocol such as OSPF (Open Shortest Path First) or IS-IS. When OSPF or IS-IS restarts,
the failing router’s interior gateway protocol (IGP) neighbours detect this restart and originate LSAs
(link-state advertisements) or LSPs (link-state PDUs) to omit links to the restarting router.
Upon receiving new LSAs or LSPs, the non-restarting routers recompute their paths to avoid the
restarting router. This shows that the original IP control-plane restart behaviour causes unnecessary
disruption of traffic in the restarting router, generates extra IGP control
traffic, and triggers costly shortest path first (SPF) recomputations in non-restarting routers.
Similarly, when the MPLS control plane restarts, LDP (Label Distribution Protocol) withdraws labels
that were advertised prior to this failure. Once again, this behaviour results in disruption of the
MPLS forwarding. In short, one can say that control-plane restart causes instability throughout the
network.
This description clearly shows that the original IP/MPLS control-plane restart behaviour is totally
unacceptable, particularly when you consider the fact that service providers are deploying more and
more IP/MPLS networks to deliver legacy services and customers are expecting a better or
comparable level of reliability and availability. Therefore, disruption of the IP/MPLS forwarding plane
must be reduced to an absolute minimum. The next section outlines some approaches to achieve
this goal.
1.4 Obtain and interrogate network management system and identify
traffic status
Network Management System
Network management refers to the processes, tools and applications used to administer, operate,
and maintain a network infrastructure. Performance management and fault analysis are also
included in network management. To put it simply, network management is the process of keeping
your network healthy, which keeps your business healthy.
Components of Network Management
The definition of network management is often broad, as network management involves several
different components. Here are some of the terms you will often hear when network management
or network management software is talked about:
• Network administration
• Network maintenance
• Network operation
• Network provisioning
• Network security
Importance of network management
The whole point of IT network management is to keep the network infrastructure and network
management system running smoothly and efficiently. Network management helps you:
• Avoid costly network disruptions
• Improve IT productivity
• Improve network security
• Gain a holistic view of network performance
1. Avoid Costly Network Disruptions: Network downtime can be very costly. In fact, industry
research shows the cost can be up to $5,600 per minute or more than $300K per hour. Network
disruptions take more than just a financial toll; they also have a negative impact on customer
relationships. Slow and unresponsive corporate networks make it harder for employees to
effectively address customer needs and concerns. And customers who feel this lack of service
could be quick to leave.
2. Improve IT Productivity: By monitoring and learning every aspect of the network management
service, an effective network management system does many jobs at once. IT network
management frees up IT staff to focus on other things.
3. Improve Network Security: With a focus on network management, it is easy to identify and
respond to threats before they propagate and impact end users. Network management also
aims to ensure regulatory and compliance requirements are met. Improved network security
also leads to greater network privacy, giving the user more freedom when using their device.
4. Gain a Holistic View of Network Performance: Network management gives you a complete view
of how your network is performing. It enables you to identify issues and fix them quickly.
What is network traffic?
Network traffic, also called traffic or data traffic, refers to the data moving across a network at any
given time. Network data consists of packets, the smallest, fundamental units of data passed along a
network. Network traffic data is broken into these packets for transmission and reassembled at the
destination. Packets consist of payloads (the raw data) and headers (the metadata) containing
information like origin and destination IP addresses.
There are four broad categories of network traffic:
• Busy/heavy traffic, where high bandwidth is consumed
• Non-real-time traffic, which refers to the bandwidth consumed during working hours
• Interactive traffic, traffic facing competition for bandwidth, which results in slow response
times if prioritisations for traffic and applications are not set
• Latency-sensitive traffic, which can also result in poor response times due to competition for
bandwidth
Why is network monitoring important?
Gaining insights into network traffic is important when managing and measuring bandwidth (the
amount of data that can be transmitted in a set amount of time), and maintaining functional
bandwidth is critical to service delivery.
Analysing your network traffic can have many benefits. It can help identify network bottlenecks,
which occur when there is not enough data handling capacity to manage the volume of traffic
currently passing through. It can also help identify which users or applications are the network’s
top talkers. This analysis has security benefits as well, since an unusually high amount of traffic
in a network can indicate a cyberattack.
Analysing network traffic can also provide insights into current and past bandwidth usage patterns,
allowing you to better understand your organisation’s future network needs. By measuring the
amounts and types of data traveling across the network, admins can better manage it to make sure
the most important processes receive the required bandwidth.
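The following Python script is an added example, not part of the original guide. It ranks the top talkers in a set of flow records and flags any interval whose total volume is unusually high compared with the earlier, unflagged intervals, naming the host responsible for most of that traffic. The flow records, host addresses and tuning values (k, min_history, min_spread) are assumptions made for the example.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed flow summary: (5-minute interval, source host, megabytes sent).
FLOWS = [
    (0, "10.10.10.11", 400), (0, "10.10.10.12", 300), (0, "10.10.10.13", 300),
    (1, "10.10.10.11", 420), (1, "10.10.10.12", 280), (1, "10.10.10.13", 310),
    (2, "10.10.10.11", 390), (2, "10.10.10.12", 310), (2, "10.10.10.13", 290),
    (3, "10.10.10.11", 410), (3, "10.10.10.12", 300), (3, "10.10.10.13", 300),
    (4, "10.10.10.11", 400), (4, "10.10.10.12", 290), (4, "10.10.10.13", 300),
    (5, "10.10.10.11", 400), (5, "10.10.10.12", 300), (5, "10.10.10.13", 4300),
]


def top_talkers(flows, interval=None, n=3):
    """Hosts ranked by volume sent, overall or within one interval."""
    volume = Counter()
    for when, host, size in flows:
        if interval is None or when == interval:
            volume[host] += size
    return volume.most_common(n)


def interval_totals(flows):
    """Total volume per interval, in time order."""
    totals = defaultdict(int)
    for when, _, size in flows:
        totals[when] += size
    return dict(sorted(totals.items()))


def unusual_intervals(flows, k=3.0, min_history=3, min_spread=0.05):
    """Flag intervals whose total exceeds baseline mean + k * spread.

    The baseline uses only earlier intervals that were not flagged, so one
    burst does not raise the threshold for the next. 'min_spread' (a fraction
    of the mean) stops a very flat baseline from flagging ordinary noise.
    """
    history, flagged = [], []
    for when, total in interval_totals(flows).items():
        if len(history) >= min_history:
            base = mean(history)
            spread = max(pstdev(history), min_spread * base)
            if total > base + k * spread:
                culprit, sent = top_talkers(flows, interval=when, n=1)[0]
                flagged.append({"interval": when, "total": total,
                                "threshold": round(base + k * spread, 1),
                                "top_talker": culprit,
                                "share": round(sent / total, 2)})
                continue                      # keep the burst out of the baseline
        history.append(total)
    return flagged


if __name__ == "__main__":
    print("top talkers overall:", top_talkers(FLOWS))
    for hit in unusual_intervals(FLOWS):
        print("unusual interval:", hit)
```

A flagged interval is a prompt to investigate the named host, since a backup job or software update produces the same pattern as malicious traffic.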
How to check network traffic
Here are some basic steps required to manually check network traffic through a router:
• Access your router by entering your router’s IP address into a web browser.
• Once you sign in, look for a Status section on the router (you might even have a Bandwidth
or Network Monitor section depending on the type of router).
• From there, you should be able to see the IP addresses of devices connected to your
network.
• For most modern routers, you should be able to click through on a device level and overall
network to see traffic activity.
For any organisation, knowing the number of connected devices and their usage is a good first step
in understanding the potential bandwidth requirements needed to support the amount of traffic on
a network. However, this surface-level traffic data often does not support the ability to see or act on
this information at scale for devices across your environment.
The best way to check network traffic is with a tool like SolarWinds® Bandwidth Analyser Pack (BAP).
BAP is built to automatically check and compile network traffic insights from devices across your
network in a centralised dashboard and alert you to any concerning behaviour in your network.
How to monitor network traffic activity
The first step in monitoring network traffic activity is to understand what you would like to monitor
or the issue you are trying to solve. This includes monitoring traffic to servers, firewalls, or other
devices on your network or for a specific issue like bandwidth usage or packet loss. By first
identifying the goal of the monitoring, you can limit your focus to the most important metrics to
your analysis and the best tools to use to perform this troubleshooting.
For example, monitoring traffic activity at the packet level can help you understand how packets
travel between devices to ensure your services are being delivered. Monitoring the traffic activity
between network devices can also provide insights into whether packets are being lost due to
insufficient bandwidth. Using commands like tracert can provide some visibility into packets, but a
packet sniffer, also called a network analyser or a protocol analyser, is built to intercept, log, and
analyse network traffic and data. Insights into packet origin and destination, dropped packets,
fluctuations in packet traffic, and similar data points can signal issues and help admins pinpoint the
location of network activity issues.
What is a network traffic monitor?
While a sniffer can provide packet-level insights, only a network activity monitoring solution is
designed to help you answer the question of whether network traffic levels are normal for your
infrastructure. Beyond simply monitoring network traffic, it is important to have a network traffic
monitoring tool to measure traffic and provide detailed analysis, allowing you to implement policy
changes and maximise your bandwidth capabilities.
The network traffic monitor tool in SolarWinds BAP is designed to help you identify network traffic
issues with ease, so you can improve your bandwidth capabilities to ensure good performance for
end users.
Network Monitoring Tools
1. SolarWinds Network Performance Monitor
SolarWinds Network Performance Monitor is a comprehensive network performance monitoring
tool that can monitor the status of devices with SNMP. It can automatically discover network devices
connected to your network. Use the dashboard to monitor the availability and performance of
connected network devices from a holistic perspective.
Any devices, applications, or services that have been discovered can also be viewed on a network
topology map where you can see how your infrastructure links together. The NetPath feature allows
you to trace packet transfers hop-by-hop, which can help to diagnose the origin of network
performance issues more effectively.
The custom alerts system enables you to set trigger conditions for alerts. Once the trigger conditions
are met the software will send you a notification by email or SMS to let you know that an event has
taken place. The user can view a comprehensive list of alerts according to severity by going to the All
Active Alerts page.
Key features:
• SNMP monitoring
• Automatically discovers connected network devices
• Network packet analysis
• Intelligent network maps with NetPath
• Create Wi-Fi heat maps
• Alerts system
• Reports system
2. Datadog Network Performance Monitoring
Datadog Network Performance Monitoring is achieved through a cloud-based SaaS infrastructure
monitoring service. As the software for this service is based in the cloud, you do not have the worry
of maintaining a server to run the system on. The SaaS Datadog system even includes storage space
for the statistics that the network monitor reaps while constantly supervising the performance of
your network.
The service can monitor networks anywhere, as long as you are able to install an agent program
somewhere on the monitored network. This means that it can monitor single-site LANs, multi-site
WANs, cloud resources, and hybrid systems with equal competence.
As with most network monitors, the Datadog service relies on SNMP for live statistics. This also
enables the monitor to seek out all devices when it first gets into service. It will also spot changes as
resources are added, moved, or removed from the network.
The console of the monitor is accessed through any browser. Its screens include tables of live data
and on-demand graphs. Data can be filtered to provide focused analysis. This feature is available
both for live and historical data.
As well as recording its own statistics, Datadog includes a log consolidator that will track down the
system logs on your network and interpret their records for analysis. This is a great way to track
down the big generators of traffic and explore methods to accommodate them, replace them, or
manage their network utilisation.
Traffic flow features in the platform include live utilisation visualisations. That helps you to identify
inefficient cabling, overloaded links, and badly calibrated load balancers. An AI-based machine
learning feature in the monitor enables it to forecast future traffic volumes from a percentage
change in traffic detected over time. This is a great capacity planning tool that produces graphics to
enable you to pitch your resource demands to budget controllers.
Datadog is good at managing hypervisors and container systems. It provides a management console
that shows overloaded servers and lets you remap VMs to spare servers and ensure constant
capacity availability.
The Datadog system is charged for by subscription, so it is a great tool for start-ups and small
businesses with little money for monitoring tools.
Key features:
• Scalable, cloud-based service suitable for all network sizes and topologies
• SNMP-based monitoring with an auto discovery feature
• AI-based machine learning that provides capacity predictions
3. ManageEngine OpManager
ManageEngine OpManager is a network monitoring solution that can monitor the performance of
network devices, servers, routers, switches, and virtual machines in real-time. Customisable
dashboards provide over 200 widgets for you to create a unique monitoring experience.
SNMP monitoring keeps you updated on the performance of devices within your network. For
increased visibility, you can use the network mapping feature to automatically discover and map
new devices. You can schedule network discovery to find new devices once they are added to your
network.
The alerts system helps you to respond to performance changes quickly. ManageEngine OpManager
correlates network events and only presents relevant alerts to the user while minimising false
positives. The program sends alerts by email and SMS to keep you updated on any emerging
problems.
ManageEngine OpManager is an all-in-one network monitor that is recommended for users that
want a simple infrastructure monitoring tool. Paid versions start at $245 (£188.55) for 10-1,000
devices up to $11,545 (£8,885) for 250-10,000 devices. You can download the 30-day free trial.
Key features:
• Automatic discovery
• Network mapping
• SNMP monitoring
• Email and SMS alerts
• Customisable dashboards
Other Networking Monitoring Tools
• Atera – Cloud-based RMM system that includes a large range of monitors – server, network device,
and application – suitable for all sized businesses.
• Site24x7 – Network management platform tools that can monitor network devices, websites,
servers, applications, and more.
• Nagios Core – One of the top open-source network monitoring tools. Includes a dashboard
view, alerts system, community plugins, and more.
• Zabbix – Open source network monitoring software with SNMP and IPMI monitoring.
Includes an alerts system and community plugins.
• Icinga – Open source network monitoring system with a DSL. Includes extensions.
• Spiceworks Connectivity Dashboard – Free network monitoring software with a high-quality
dashboard and simple alert system.
1.5 Analyse system alert and identify real and potential traffic problems
Network Alerts
If there is an issue somewhere on your network, you need to know about it as soon as possible. A
network performance monitor (NPM) constantly checks for performance problems by scanning your
entire network. When it detects a problem, it informs the user with a network alert. These alerts
allow network technicians to respond to problems quickly, reducing the amount of poor network
performance and downtime.
Any NPM worth its salt will have alerting capabilities built in, as network alerts are essential for IT
teams to keep the network functional. However, there are a handful of alerting features that
enterprises should look for in an NPM solution. While these alerting functions are not found in every
NPM, they provide a big advantage for companies to handle common and uncommon network
performance issues. Read on to discover 4 essential network alerting features that every enterprise
should look for in an NPM solution.
Real-time alerts
NPMs continuously check for performance problems across all areas of the network. The time gap
between network sweeps varies depending on the solution, but more high-end tools detect network
issues in real time. If your NPM touts real-time issue detection, it might also send out alerts in real time. These NPMs inform you of problems as soon as they detect them, even before they finish fully
analysing the issue. That way, your technicians can begin fixing the problem without having to wait
on the NPM to complete a full diagnosis. This allows your technicians to discover the issue’s source
and solution as soon as possible and apply the fix without losing too much performance.
Intelligent alert descriptions
If all the NPM tells you is that there is a problem on the network, it would not be very useful. Your
team needs to know what and where the issue is, when it started, and what network areas it is
affecting. NPMs need to supply you with this crucial information in the alerts they send to you. The alerts
need to make sense for the network team and give them all the important information they need to
fix the problem.
Critical alerts and tiered alerts
Not every network problem is incredibly important. If your NPM tool floods you with alerts on non-critical
performance issues, your network team might miss critical network failures. A good NPM tool
should sort problems into separate categories based on their importance. At the very least, the
NPM should define both critical and non-critical network problems and alert you to critical problems
first and foremost. More advanced NPMs implement a system called “tiered alerting” that
assigns issues to one of several categories. They then send alerts from the most
important category first, then move down the list to address less serious problems.
Alert times
While every NPM needs to alert its users to problems, it also needs to know when to send out alerts.
Sending out alerts during off-hours can lead to alerts being lost between the alert being sent and
when the network team can examine the problem. Some NPMs allow you to set on-hours and off-hours for alerts so your team only receives notifications during the times it specifies. This allows you to
keep alerts from flooding your inbox while your network team is out of the office.
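The sketch below is an added example, not code from any NPM product. It combines tiered alerting, descriptive alert text and an on-hours window. The three tier names, the 08:00-18:00 window and the rule that critical alerts bypass the off-hours hold are assumptions of this example, and the sample alerts are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, time
from enum import IntEnum


class Tier(IntEnum):
    """Alert tiers; a lower value is more important (assumed three-tier scheme)."""
    CRITICAL = 1
    MAJOR = 2
    MINOR = 3


@dataclass(frozen=True)
class Alert:
    tier: Tier
    what: str          # what the issue is
    where: str         # device or interface where it was detected
    started: datetime  # when it started
    affected: str      # network areas it is affecting

    def describe(self) -> str:
        """Render the what/where/when/affected fields a technician needs."""
        return (f"[{self.tier.name}] {self.what} on {self.where} "
                f"since {self.started:%Y-%m-%d %H:%M}; affects {self.affected}")


def in_on_hours(now: datetime, start: time, end: time) -> bool:
    """True if `now` is inside the on-hours window, including windows that wrap midnight."""
    t = now.time()
    if start <= end:
        return start <= t < end
    return t >= start or t < end


def dispatch(alerts, now, on_start=time(8, 0), on_end=time(18, 0)):
    """Return (send_now, held), each ordered by tier and then by start time.

    Assumption of this example: CRITICAL alerts are sent even in off-hours,
    so that an outage or attack at night is not queued until morning.
    """
    ordered = sorted(alerts, key=lambda a: (a.tier, a.started))
    if in_on_hours(now, on_start, on_end):
        return ordered, []
    send_now = [a for a in ordered if a.tier == Tier.CRITICAL]
    held = [a for a in ordered if a.tier != Tier.CRITICAL]
    return send_now, held


# Constructed sample alerts (device names and times are made up).
SAMPLE_ALERTS = [
    Alert(Tier.MINOR, "Fan speed warning", "access-sw-3",
          datetime(2021, 1, 19, 1, 55), "none yet"),
    Alert(Tier.CRITICAL, "Link down", "core-rtr-1",
          datetime(2021, 1, 19, 2, 10), "all branch offices"),
    Alert(Tier.MAJOR, "Interface utilisation above 90%", "dist-sw-2 Gi0/1",
          datetime(2021, 1, 19, 2, 5), "floor 2 users"),
]

if __name__ == "__main__":
    send_now, held = dispatch(SAMPLE_ALERTS, datetime(2021, 1, 19, 2, 30))
    for alert in send_now:
        print("SEND", alert.describe())
    for alert in held:
        print("HOLD", alert.describe())
```

Held alerts are not discarded: calling `dispatch` again once the on-hours window opens returns them in tier order.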
Potential traffic problems
Just as with road congestion, network congestion occurs when a network is not able to adequately
handle the traffic flowing through it. While network congestion is usually a temporary state of a
network rather than a permanent feature, there are cases where a network is always congested,
signifying that a larger issue is at hand.
Five (5) common causes of network congestion are:
• Over-subscription
• Poor network design/misconfiguration
• Over-utilised devices
• Faulty devices
• Security attack
Over-Subscription
Have you ever experienced a case where your web browsing experience is consistently faster at
certain times of the day than others? For example, there is a high probability that you will have a
better browsing experience at night than during the day. This is because there are more users on the
network during the day (peak period) than at night (off-peak period). This is like getting on the train
during rush hour versus when everyone is at work. Cases like this are usually the result of Over-Subscription, where a system (e.g. a network) is handling more traffic than it was designed to handle
at any one time. It is important to note that over-subscription is usually done on purpose as it may result in
cost savings.
For example, let us consider a scenario where an organisation has 100 users and it has been
determined that a 100Mbps Internet link will be suitable for all these users.
Now imagine that most of the staff of this organisation work from home. In this case, it will be more
cost efficient to go for a lower link capacity, say 50Mbps, since only a handful of employees will be
using the link at any one time. But what happens when there is a company-wide meeting and all employees
come into the office? You guessed right: network congestion.
Poor Network Design/Misconfiguration
A more serious cause of network congestion is poor design or device misconfiguration. Take for
example a broadcast storm, where a large volume of broadcast and/or multicast traffic is seen on
the network within a short time, resulting in severe performance degradation.
Since broadcasts are contained within subnets, the larger the subnet the more serious the effect of a
broadcast storm. Therefore, a network that has been designed with large subnets without
considering broadcast storms can result in network congestion.
Another case of a broadcast storm is a Layer 2 loop. In a Layer 2 segment, broadcast messages are used
to discover unknown MAC addresses. If there is a loop on the network, the same broadcast message
can be sent back and forth between the devices on the network resulting in broadcast storms and
possible network congestion.
Over-Utilised Devices
Devices such as routers, switches, and firewalls have been designed to handle certain network
throughput. For example, the Juniper MX5 has a capacity of 20Gbps. Apart from the fact that this is a
theoretical value (the capacity in the production environment will be slightly lower), this is also the
maximum capacity.
Therefore, constantly pushing ~20Gbps of traffic through that device means that the device will be
over-utilised and will likely result in high CPU utilisation and packet drops, leading to congestion on
the network.
Another issue related to over-utilised devices that can cause network congestion is bottlenecks. As
in most hierarchical designs where multiple devices feed into a higher-level device, care must be
taken to ensure that the higher-level device can handle all the traffic from the lower-level devices.
If this is not the case, then the higher-level device can become a bottleneck, causing congestion on
the network. Think about a 4-lane highway merging into a 2-lane road.
Faulty Devices
Consider a network performance assessment carried out for an organisation. They were buying 100Mbps link capacity
from their ISP but the users on the network were struggling to connect to the Internet effectively.
They complained that the network was always “slow” (user speak for network congestion) even
when few people were on the network. Upon investigation, we discovered that while their ISP was
truly giving the agreed upon 100Mbps, the edge device was only providing 30Mbps to the network!
Apart from the fact that this organisation had wrongly terminated the link on a Fast Ethernet
interface (which gives a theoretical speed of 100Mbps but much lower practical speed), that
interface was also faulty. By moving the ISP link to another interface (we used a Gigabit Ethernet
interface instead), the performance problem was solved.
Security Attack
A network of about 10 users had poor browsing experience even with the 4Mbps link they were
getting from their ISP. Ideally, this capacity should have been enough because the users were not
doing anything heavy on the Internet – just emails, web searches, and normal user activities.
Upon investigation, it was discovered that one of their servers had been compromised and it seems
the attacker was using this server to host illicit content resulting in a huge amount of traffic being
sent to/from this server. By cleaning up this server, the congested network was once again “free” for
normal user traffic. Other security attacks that can result in network congestion include viruses,
worms, and Denial of Service (DoS) attacks.
Effects of Network Problems
Everyone on a network generally “feels” the effects of network congestion. They may not be able to
explain it in technical terms but will say things like “The connection is so slow” or “can’t open web
pages”.
From a technical perspective, the effects of a congested network include:
• Delay: Also known as Latency, Delay is the time it takes for a destination to receive the packet
sent by the sender. For example, the time it takes for a webpage to load is a result of how
long it takes for the packets from the web server to get to the client. Another sign of
delay is the buffering you experience when watching a video, say on YouTube.
• Packet Loss: While packets may take a while to get to their destination (delay), packet loss is
an even more negative effect of network congestion. This is especially troubling for
applications like Voice over IP (VoIP) that do not deal well with delay and packet loss,
resulting in dropped calls and Call Detail Records, lag, robotic voices, and so on.
• Timeouts: Network congestion can also result in timeouts in various applications. Since most
connections will not stay up indefinitely waiting for packets to arrive, this can result in lost
connections.
Troubleshooting Network Problems
Feeling the effects of network congestion is one thing but confirming that a network is congested is
another. In this section, we will look at some activities that can be performed to confirm the
congestion of a network.
1. Ping: One of the fastest ways to check if a network is congested is to use Ping because not
only can it detect packet loss, it can also reveal delay in a network i.e. through the round-trip
time (RTT). Using a tool like MTR (which combines ping and traceroute) can also reveal parts
of the network where congestion is occurring.
2. LAN Performance Tests: A tool like iPerf can be very useful in determining performance
issues on a network, measuring statistics like bandwidth, delay, jitter, and packet loss. This
can help reveal bottlenecks on the network and identify any faulty devices/interfaces.
3. Bandwidth Monitoring: During the investigation of the compromised server I mentioned
above, we used a tool called ntopng to discover “Top Talkers” which revealed that the server
was using up all the bandwidth on the network. In the same way, tools that monitor
bandwidth can reveal network congestion especially during a security attack or if a host is
using up all the bandwidth.
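The “Top Talkers” check from the compromised-server case can be reproduced on any set of flow records. The following is an added example, not ntopng output or its API: the `(source, destination, bytes)` record format, the LAN range, the 60-second window and the 50% share threshold are assumptions, and the flow data is constructed to resemble the 4Mbps scenario.

```python
import ipaddress
from collections import Counter

LOCAL_NET = ipaddress.ip_network("192.168.10.0/24")  # assumed LAN range
LINK_BPS = 4_000_000   # the 4Mbps ISP link from the scenario above
INTERVAL_S = 60        # assumed measurement window in seconds

# Constructed flow records for one window: (source, destination, bytes).
FLOWS = [
    ("192.168.10.5", "198.51.100.7", 15_000_000),   # server -> Internet
    ("192.168.10.5", "203.0.113.44", 12_000_000),   # server -> Internet
    ("198.51.100.7", "192.168.10.5", 600_000),
    ("203.0.113.80", "192.168.10.21", 900_000),     # workstation web traffic
    ("192.168.10.21", "203.0.113.80", 60_000),
    ("203.0.113.80", "192.168.10.22", 450_000),
    ("192.168.10.22", "203.0.113.80", 30_000),
    ("192.168.10.21", "192.168.10.5", 10_000),      # LAN only, never on the ISP link
]


def _is_local(addr, local_net):
    return ipaddress.ip_address(addr) in local_net


def wan_flows(flows, local_net):
    """Yield (local_host, direction, bytes) for flows that cross the ISP link."""
    for src, dst, nbytes in flows:
        src_local = _is_local(src, local_net)
        dst_local = _is_local(dst, local_net)
        if src_local and not dst_local:
            yield src, "out", nbytes
        elif dst_local and not src_local:
            yield dst, "in", nbytes
        # LAN-to-LAN flows are skipped: they do not load the ISP link.


def top_talkers(flows, local_net):
    """Local hosts ranked by bytes sent plus received over the ISP link."""
    totals = Counter()
    for host, _direction, nbytes in wan_flows(flows, local_net):
        totals[host] += nbytes
    return totals.most_common()


def link_utilisation(flows, local_net, interval_s, link_bps):
    """Fraction of link capacity used in each direction during the window."""
    moved = {"out": 0, "in": 0}
    for _host, direction, nbytes in wan_flows(flows, local_net):
        moved[direction] += nbytes
    capacity_bits = interval_s * link_bps
    return {d: b * 8 / capacity_bits for d, b in moved.items()}


def dominant_hosts(talkers, share=0.5):
    """Hosts responsible for more than `share` of all bytes on the link."""
    total = sum(nbytes for _host, nbytes in talkers)
    if total == 0:
        return []
    return [host for host, nbytes in talkers if nbytes / total > share]


if __name__ == "__main__":
    talkers = top_talkers(FLOWS, LOCAL_NET)
    print(link_utilisation(FLOWS, LOCAL_NET, INTERVAL_S, LINK_BPS))
    for host, nbytes in talkers:
        print(f"{host:15} {nbytes:>12,} bytes")
    print("investigate:", dominant_hosts(talkers))
```

A link that is about 90% full outbound with one server carrying roughly 95% of the bytes is the pattern described in the case above; a host flagged this way is a lead for investigation rather than proof of compromise, since backups or updates can look the same.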
1.6 Analyse customer complaints and traffic measurement data to identify network problems
Analyse customer complaints
1. Analyse all feedback
This may sound obvious, but it is vital that you analyse all the feedback you get; otherwise, why
bother collecting it in the first place?
Whilst some feedback may give standard or unremarkable details, some may contain information
that could potentially be a breakthrough for your business.
2. Categorise (and sub-categorise) feedback
You will rapidly find that feedback starts to fall into more general categories. These could include
the speed of your service (or lack of), accuracy, courtesy and helpfulness of particular staff, price and
choice of products, availability or location etc.
Sorting feedback into categories will immediately help to show a wider picture of how the customer
views your business and services. Of course, some customers may comment on several categories
and you can file these accordingly.
You will probably find that sub-categories are also very useful. This will help to highlight the less
noticeable elements of your business operations, which could prove to be very significant to your
overall proposition. Often these ‘hidden’ elements are the ones that are significantly pleasing or
annoying your customers and website visitors.
3. Use negative and positive feedback
Inevitably feedback will range from complaints to (hopefully) high praise! It makes sense to divide
the results using these criteria, as your response to each will vary greatly. It is worth pointing out at
this juncture that positive comments are just as valuable as complaints because they show you what
pleases and excites your repeat customers. Compliments will also motivate your team and thanking
customers for positive feedback helps to build customer loyalty.
In a similar way, negative comments will highlight why customers leave and go to your competitors.
You need to close the loop and resolve these problems; this is a well-proven way of retaining more
business. In both cases, your business will improve and thrive by reacting positively to feedback.
4. Look at root causes
Naturally, you need to understand what is driving customer loyalty if you want to improve it and
customer feedback will help you to do this. Therefore, it is useful to make the analysis of root causes
a priority above settling more complex or niche problems reported by your customers.
To achieve this, it is vital to have a management system in place which will qualify feedback and help
you search through potentially large amounts of data. You also need to be able to determine the
data which will help identify root causes of issues before you move onto more complex (and
sometimes niche) problems that will result from these.
5. Understand the value of the customer
All customers are valuable to your business, but some are more valuable than others! It is important
to understand the value of a customer/group of customers so you can prioritise changes to your
sales funnel or customer management regime.
For example, some customers may only buy from you during a sale whilst more loyal customers will
continue to buy from you on an ongoing basis. Obviously, repeat customers are more important to
your revenue than those which ‘cherry pick’ certain deals, so it makes sense to prioritise the ‘voice’
of customers that come back to you again and again.
This also applies to making a business case for internal changes. For example, if you want to invest in
schemes designed to drive up customer loyalty you need to be aware of how much this will be worth
to your business compared to the cost of implementing it (investment cost Vs return on investment)
to ensure it is worthwhile.
6. Look for trends
Of all the criteria you use to analyse customer feedback, identifying trends is one of the most
important. Trends will show where you are getting things right or wrong and will become even more
important when your volume of feedback increases.
Looking at individual feedback, you might find particularly strong opinions or complaints. However,
these need to be seen in the context of your overall sales. For example, one customer may have a
terrible experience with a product you have sold them, but then the rest of the customers who have
bought the same item may give a glowing review. Looking at longer term trends can also help to
ascertain if you have a statistical aberration or a genuine trend that needs to be addressed. If a trend
rises or decreases on a regular basis you can be certain this is an important factor that will need to
be focused on, be it negative or positive.
7. Do not compare unrelated data
You may have an urge to compare different geographies, separate parts of the business or different
survey results but this can be very misleading. Taking results out of context (even if they may seem
related) can offer a very distorted view.
For example, customers in different regions or countries can be notoriously different to those in
other parts of the world (through cultural or lifestyle differences etc.). Some markets may be stronger
than others, which can be for several different reasons and not necessarily down to the quality or
availability of your products or services. Each sector or region needs to be seen in its wider context
and the feedback data considered.
8. Consolidate results and determine a plan of action
Once you have sorted through and understand the feedback results it is time to put together a
feasible and effective plan of action to address any issues.
You also need to ensure that the parts of your service which work well and have had positive
feedback continue to do this going forward. When you are addressing issues, it can be easy to
disrupt the parts of the process that work well, so you need to be aware of this.
9. Alert the right teams and individuals within your organisation
With all the insights from your collected feedback it is important to ensure everyone involved with
customer service and support is aware of the results.
Be it pricing issues, quality of products, logistical issues or website problems, the appropriate
managers need to be made aware so they can carry out the right actions (even if this is to continue
doing the right things!). Equally, customer-facing teams will be well-informed to help potentially
frustrated customers with known queries.
Traffic Identification
In general, traffic will be one or more of these types:
• Protocol: a strict set of rules and formats that define how two or more elements share
information (the information flow could be one way or bidirectional). Examples include UDP,
TCP, HTTP, RTMP, SIP, FTP, and SMTP.
• Application: traffic associated with a software program. Examples include Skype, Netflix,
PPStream, and games.
• Website: all the web pages that are part of a web domain and all content that is exchanged
with a domain (whether or not the content corresponds to a web page).
• Service: a more general term that can include websites like Twitter and Facebook, cloud
services like Salesforce, online storage, and many others.
• Provider: typically used to differentiate a brand within a type of traffic. For instance, many
different video providers use RTMP, and many different voice services rely on SIP.
Traffic Categories
Traffic Measurement Techniques
Many techniques are applied, alone or in combination, to identify traffic and extract relevant fields.
It is not uncommon for vendors to use the term ‘signature’ to mean all techniques.
Increased reliability and accuracy are typically achieved at the cost of greater processing complexity.
This list introduces some popular techniques, in order of ascending reliability/accuracy:
• Port Number: this approach simply looks at the port number of the traffic and concludes
that the traffic is of the type commonly associated with this port. Because of the certainty of
false positives due to many traffic types taking random ports, this approach should not be
used in any circumstances in which reliable identification is needed.
• Regular Expression: a byte pattern that is (assumed/expected to be) a unique identifier for a
particular traffic type. The longer a regular expression, the less chance of there being a false
positive due to matches against random data. Identification typically requires that one or
more regular expressions be applied across multiple packets and flows.
• Tracker: a stateful technique that monitors state changes within data and control traffic
both to extract information required for further identification (e.g., where the next data flow
will appear) and to provide additional information in general.
• Analyser: like a tracker, but with complete protocol awareness; that is, an analyser can
extract all meaningful pieces of information due to a complete understanding of a protocol.
In the previous example of adaptive video, a tracker would be sufficient to determine from
the control traffic where the data traffic would appear, but an analyser is required to extract
the resolution and codec information.
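The difference between the first two techniques shows up as soon as a service runs on an unexpected port. The following is an added example, not a vendor's signature set: the port table, the four byte patterns and the flow records are constructed for illustration, and only the first payload of each flow is inspected, whereas the text notes that real identification spans multiple packets and flows.

```python
import re

# Port-number technique: a lookup table of well-known destination ports.
PORT_TABLE = {22: "ssh", 80: "http", 443: "tls", 5060: "sip"}

# Regular-expression technique: byte patterns anchored at the start of the
# first payload of a flow. Longer patterns leave less room for chance matches.
SIGNATURES = [
    ("http", re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
    ("ssh", re.compile(rb"^SSH-2\.0-[\x21-\x7e]+")),
    # TLS record: type 0x16 (handshake), version 3.x, 2-byte length, ClientHello (0x01)
    ("tls", re.compile(rb"^\x16\x03[\x00-\x04].{2}\x01", re.DOTALL)),
    ("sip", re.compile(rb"^(INVITE|REGISTER|OPTIONS) sips?:\S+ SIP/2\.0\r\n")),
]

# A deliberately short pattern, to show why short expressions give false positives.
SHORT_HTTP = re.compile(rb"^GET")

# Constructed flows: destination port plus the first bytes sent by the client.
FLOWS = [
    {"dport": 443, "payload": b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + bytes(32)},
    {"dport": 443, "payload": b"SSH-2.0-OpenSSH_8.4\r\n"},             # SSH on the HTTPS port
    {"dport": 8080, "payload": b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"},
    {"dport": 80, "payload": b"GETTING \x00\x9f\x13\x37 not a request"},  # arbitrary data on port 80
    {"dport": 5060, "payload": b"OPTIONS sip:bob@example.com SIP/2.0\r\nVia: SIP/2.0/UDP\r\n"},
]


def by_port(dport):
    """Classify by destination port alone."""
    return PORT_TABLE.get(dport, "unknown")


def by_signature(payload):
    """Classify by the first signature whose pattern matches the payload."""
    for name, pattern in SIGNATURES:
        if pattern.match(payload):
            return name
    return "unknown"


def audit(flows):
    """Return (dport, port_guess, signature_guess) for flows where the two disagree."""
    findings = []
    for flow in flows:
        port_guess = by_port(flow["dport"])
        sig_guess = by_signature(flow["payload"])
        if port_guess != sig_guess:
            findings.append((flow["dport"], port_guess, sig_guess))
    return findings


if __name__ == "__main__":
    for dport, port_guess, sig_guess in audit(FLOWS):
        print(f"port {dport}: port table says {port_guess}, payload says {sig_guess}")
```

Disagreements between the two columns are worth reviewing in their own right: a protocol appearing on a port reserved for another is a common sign of misconfiguration or of traffic trying to pass a port-based firewall rule.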
Network Problem
1. Duplicate IP Addresses
When two devices attempt to share a single IP, you see the dreaded “Address Already in Use”
error, with no ability to access the network.
The Quick Fix: The blame for this often rests with your router’s default DHCP configuration.
DHCP is probably trying to assign your new device an address at the beginning of your subnet,
and another device may already occupy these low-numbered addresses with static IPs. If you
have just introduced a new device or server to your network, it may have its own DHCP server.
Simply disable the DHCP server on that device to restore sanity to your network.
The Preventive Measure: You can take one simple step to avoid IP conflicts by modifying your
router’s configuration to begin assigning DHCP addresses near the top end of your subnet,
leaving the lower addresses available for devices that require static IPs.
2. IP Address Exhaustion
To troubleshoot this issue, use the ipconfig command. If the workstation has assigned itself an IP
address that begins with 169.x.x.x, it means that no IP address was available from the DHCP
server.
The Quick Fix: Some users on cable internet might not have a local router, in which case IP
addresses are assigned on a limited basis directly from your ISP. You have probably run out of
allowed IP addresses from your ISP. The solution to this is to purchase either a standalone router
or Wi-Fi access point with an integrated router. This creates your own local pool of internal
addresses, ensuring you will not run out.
If you already have a local router with DHCP, the default address pool might be too small for
your network. By accessing the DHCP settings on the router, you can adjust the size of the
address pool to meet your network’s needs.
The Preventive Measure: It is important that any internet-connected network have a local router
in operation with NAT and DHCP, both for security reasons and to prevent IP address
exhaustion. The router needs to be the only device connected to the modem, with all other
devices connecting through the router.
3. DNS Problems
Errors such as The Network Path Cannot Be Found, IP Address Could Not Be Found, or DNS
Name Does Not Exist, can usually be traced to a DNS configuration issue. The command line
utility nslookup can be used to quickly show a workstation’s DNS settings.
The Quick Fix: Workstations and other network devices can be configured to use their own DNS
servers, ignoring the server assigned by DHCP. Checking the ‘Internet Protocol Version 4
(TCP/IP)’ settings for your adapter will show if an incorrect DNS server is specified, so just select
“Obtain DNS server address automatically” instead.
The Preventive Measure: Your local router might be configured to operate as a DNS Server,
creating a DNS pass-through to your ISP’s servers. On busy networks, this may overload the
capabilities of the router. Change your network’s DHCP settings to directly access your DNS
servers.
4. Single Workstation Unable to Connect to the Network
If only a single workstation is displaying the “No internet” message when opening a web
browser, we can usually assume that the rest of the network is healthy and turn our attention to
any hardware and software that is particular to this system.
The Quick Fix: To resolve this network issue, start by eliminating the obvious communication
barriers such as a bad cable, poor Wi-Fi signal, failing network card or incorrect drivers. Ensure
that the workstation’s network adapter is configured with the correct IP, subnet, and DNS
servers. If that does not solve the problem, check any firewall software on the device to ensure
that necessary ports are open to the external network. Common ports include 80 and 443 for
web traffic, plus 25, 587, 465, 110, and 995 for email.
The Preventive Measure: It is usually best to leave all workstation TCP/IP settings to
“Automatically assigned.” Use a DHCP server to hand out a uniform configuration to all devices
on the network. If a static IP is needed on a workstation or server, most DHCP servers allow the
ability to create static IP mappings.
5. Unable to Connect to Local File or Printer Shares
Sharing problems are among the most difficult network problems to solve, due to the number of
components that need to be configured properly.
Most commonly, sharing problems arise due to conflicts between mixed security environments.
Even different versions of the same operating system sometimes use slightly different security
models, which can make interconnection of workstations difficult.
The Quick Fix: We can cure sharing problems most efficiently by drilling down through the
possibilities in this order:
• Ensure that the required services are running. On Windows systems, the server, TCP/IP
NetBIOS Helper, workstation, and computer browser services all need to be running. On
Linux machines, Samba is the primary component required to share with Windows
systems.
• Check your firewall(s). It is very common for a workstation’s firewall to be configured to
block file and printer sharing traffic, especially if a new antivirus package is installed that
introduces its own firewall. Firewall issues can also exist at the hardware level, so ensure
that routers or managed switches are passing share traffic within the subnet. Speaking
of subnets:
• Ensure all workstations are on the same subnet. This problem typically only appears on
complex networks; however, even simple networks sometimes have static-IP equipment
with an improperly configured subnet. The result is that external traffic will move about
just fine, while internal traffic will hit unexpected roadblocks.
• All Windows network adapters will need File and Printer Sharing for Microsoft Networks,
Client for Microsoft Networks, and NetBIOS over TCP/IP enabled.
• Once the above checks have passed, it is finally time to check the most likely culprit,
permissions. There are multiple layers of access required, each with their own interface
within the OS. Check for:
o Systems configured with the wrong workgroup or domain.
o Incorrectly configured Home Group.
o Network type set to Public.
o Incorrect NTFS permissions.
6. Local Network is Unable to Connect to the internet
This situation can either be intermittent or persistent. Often, the most difficult aspect of dealing
with any external network problem is finding the company responsible and then tasking them
to solve the issue, particularly with intermittent failures that are difficult to trace. It can
sometimes be such a problem that organizations will have to switch internet providers to solve
the issue.
The Quick Fix: A router and modem reboot is the first order of business. The tracert utility
can be used to identify communication breaks. It will clearly hiccup on the router hop that is
causing the problem. Contact your ISP with your findings, providing screenshots, as necessary.
The Preventive Measure: To avoid the finger-pointing that can prevent rapid resolution of
external issues, do some research to ensure that you procure connectivity only from local Tier 1
providers. Other ISPs are more than happy to sell you service; however, they are simply
piggybacking the Tier 1 connection, since they do not actually own the infrastructure in your
area.
The goal is to remove as many middle-men as possible, so that when (not if) you experience a
problem, one phone call is all that is required to identify the issue and get technicians to work on
it.
7. Slow Internet Performance
Slow performance is typically due to congestion, or sometimes poor-quality connections that
have corroded or otherwise deteriorated. Congestion may not be directly related to bandwidth
exhaustion, as a single overloaded port on a switch or router can diminish network performance.
This can be especially true on leased lines where dedicated bandwidth is to be expected, but
speed tests indicate the network is not reaching its rated potential.
The Quick Fix: Use speed test websites, conducting tests from geographically remote servers.
This can pinpoint areas of congestion on the ISP’s network. In the case of cable internet, the
local network is shared amongst your neighbours, committing your ISP to a costly bandwidth
upgrade when saturation occurs. Report your findings to your ISP so that they can take steps to
resolve the issue.
DNS servers are an often-overlooked aspect of internet performance. Using incorrect DNS
servers can result in routing congestion or load balancing problems. While you should typically
use your ISP’s DNS settings whenever possible, they may be routing traffic through overloaded
web caches. You can temporarily adjust your DNS settings to use OpenDNS instead.
The Preventive Measure: If internet performance is critical, you will need to procure adequate
connectivity. While cable internet may be inexpensive, you could be setting yourself up for
frequent jeers from employees. A local DSL operator may offer improved reliability for a slightly
higher cost, but for the most consistent performance, you may find that an expensive leased line
is a requirement for your organization.
1.7 Activate and deactivate semi-permanent controls active in the network on a regular basis to simulate irregular traffic
Self-assessment
Question 1: What is a network alert?
__________________________________________________________________________________
Question 2: Why is network monitoring important?
__________________________________________________________________________________
Chapter 2. Develop traffic control strategies
The chapter is going to discuss the following points in detail:
• Conduct traffic measurements across all required routes
• Analyse results, historical data and traffic volume requirements
• Determine specific thresholds, loading and grading levels to alter traffic flows
• Obtain funding parameters and budgeted levels, and determine plan amendments
• Confirm that traffic control strategies to prevent traffic problems
• Develop strategies for recovery where traffic congestion occurs
• Develop contingency plans to allow for problems during network changes
2.1 Conduct traffic measurements across all required routes
Traffic Measurement
Network traffic analysis (NTA) is the process of intercepting, recording and analysing network traffic
communication patterns to detect and respond to security threats. Originally coined by Gartner, the
term represents an emerging security product category.
How to monitor traffic?
Why Monitor Your Network?
It might seem a little too tech-y or excessive, spying on all the traffic going through your home
network, but it can help provide valuable insights into your network’s performance.
You will uncover exactly which devices, or even specific programs, are hogging your bandwidth.
Through network monitoring, you can uncover where your computers are connecting and how much
data they are sending or receiving. Then, you will be able to correct any problems and make better
use of your network.
There are plenty of ways that you can monitor your network. The three detailed here are probably
the most common and convenient.
Using Your Router
Everyone has a router, and you can access it from nearly any device on your network. All your traffic
already flows through the router, so it is the most direct source of information about what is going
on within the network.
1. You are going to need to find out your router’s IP address. For most routers it is 192.168.1.1
unless someone changed it. If you are not sure, open a command prompt, and run ipconfig. On
Mac and Linux, run ip r. On Windows, you will find your router’s IP listed as the Gateway. On
Linux, it will be next to default via.
2. Open your web browser and enter the router’s IP address in the address bar. This is exactly like
browsing to a website, so press Enter after you enter the IP address.
3. You will probably be prompted to enter your router’s admin username and password before you
can go any further. If you did not set them yourself, your ISP probably did when they set it up.
Look for any documentation they may have provided to sign in.
4. Every router is different, and so are their interfaces. When you first sign into most, you will
arrive at a basic status page. It will show you information about your router and your network
that may be useful, but not too in-depth. Try to find a Device List link to see which devices are
connected to the network.
5. Your router’s device list will show you the IP addresses of the devices connected to the network.
It may even provide a bit of information about what they are. You will usually see a computer’s
name next to the IP, if one was set. Here, you will also be able to see connection information for
Wi-Fi devices, including their signal quality and the available bandwidth.
6. Have a look around for a Status section on your router. You might be lucky enough to even have
a specific Bandwidth or Network Monitoring section. It is under a section like this that you will
be able to find more data about bandwidth usage of specific devices by IP address.
7. When you locate your router’s traffic or bandwidth monitoring sections, you will be able to see
which devices are using the most bandwidth. You will see transmission rates and other useful
stats. In some cases, you may find graphs and even real-time monitoring that provide
visualization of what is happening on your network.
8. With this information, you will be able to find out what your network's biggest hogs are and what
devices might be struggling to get a decent signal. You will also be able to see if anyone has
weaselled their way onto your network when they should not be there.
Wireshark
Wireshark is an open-source tool for packet filtering. If you do not know what packet filtering is, it is
a much lower level network management task, so Wireshark can be considered overkill for simply
viewing traffic on your network. That said, it can absolutely get the job done. Plus, it is free and
available for Windows, Mac, and Linux.
1. Open your browser and head to the Wireshark download page and grab the latest installer
for your operating system.
If you are on Linux, Wireshark is probably in your distribution’s repositories. Ubuntu and
Debian users should install Wireshark with:
$ sudo apt install wireshark
2. Run the Wireshark installer. Everything should be straightforward, and the default options
will work in almost every case.
3. Open Wireshark
4. If Wireshark looks confusing at first, do not worry. You do not need to know much about it
for the basics. Select Edit and Preferences in the top menu to set one option that you will
need.
5. A new window will open. Locate Capture in the left side list and select it.
6. The body of the window will shift to display the capture options. Make sure that Capture
packets in promiscuous mode is checked. Press Ok when it is.
7. Back on the main Wireshark window, there are two icons that you will need in the main
menu. The blue Shark Fin icon starts the Wireshark capture process that records network
activity. The red Square stops the capture. You will be able to review and even save the data
after the capture. Press the Fin to start.
8. Let the capture run for a bit. If there’s something that you’ve been having a problem with on
your network, try to recreate those circumstances. With any luck, Wireshark will capture the
moment the problem occurs, and you’ll be able to take a look at what happened.
9. After you are satisfied with the amount of info you collected, press the red Square to stop
the capture.
10. Look at the results. In the top section of the window, you will see the different packets
collected by Wireshark. Each one will have an IP address that sent the packet and one that
received it. You will also see the network protocol of each. When you select one, you will be
able to sift through the packet data in the box below. The lowest option on the list generally
contains the most “human readable” portion of information. If the packet was encrypted,
though, you will not see much.
Key Network Traffic Analysis Features
The most effective, advanced network traffic analysis solutions include the following key features:
• Broad Visibility: Whether the network communications in question are traditional TCP/IP
style packets, virtual network traffic crossing from a vSwitch, traffic from and within cloud
workloads, API calls to SaaS applications, or serverless computing instances, NTA tools have
the ability to monitor and analyse a broad variety of communications in real-time.
• Encrypted Traffic Analysis: With over 70 percent of web traffic encrypted, organizations
need an accessible method for decrypting their network traffic without disrupting data
privacy implications. NTA solutions deliver on this challenge by enabling security
professionals to uncover network threats by analysing the full payload without peeking into
it.
• Entity Tracking: NTA products offer the ability to track and profile all entities on a network,
including the devices, users, applications, destinations, and more. Machine learning and
analytics then attribute the behaviours and relationships to the named entities, providing
infinitely more value to organizations than a static list of IP addresses.
• Comprehensive Baseline: To keep up with ever-changing modern IT environments, NTA
solutions track behaviours that are unique to an entity or a small number of entities in
comparison to the bulk of entities in an environment. The underlying data is available
immediately and NTA machine learning baselines evolve in real-time as behaviours change.
Also, with entity tracking capabilities, NTA baselines are even more comprehensive as they
can understand the source and destination entities, in addition to traffic patterns. For
instance, what might be normal for a workstation is not normal for a server or IP phone or
camera.
• Detection and Response: Because NTA tools attribute behaviours to entities, ample context
is available for detection and response workflows. This means security professionals no
longer need to sift through multiple data sources such as DHCP and DNS logs, configuration
management databases and directory service infrastructure to gain comprehensive visibility.
Instead, they can quickly detect anomalies, decisively track them down, determine the root
cause and react accordingly.
The Consequential Promise of Network Traffic Analysis
What makes network traffic analysis technology particularly meaningful is its ability to combine its
core capabilities to deliver malicious intent detection. Prior to the emergence of NTA products,
intent detection was a time consuming, non-replicable process that required a high degree of skill,
with security professionals struggling to express the anomalies they needed to look for in a way that
could be automated through their security technology stack. For example, while it’s fairly
straightforward to implement a rule such as, “Alert me if a connection occurs from a country we
haven’t yet encountered,” it’s much more difficult to automate a rule like, “Alert me if anyone
connects to this database server and then transfers data 2x or more the historical average volume.”
By automating the malicious intent detection process, advanced NTA solutions are reducing the
skills and effort barrier that prevents many organizations from effectively protecting their most
critical assets. NTA tools’ rule-based detection capability is also enabling more organizations to seek
out specific attack tactics, techniques, and procedures. Because the rules themselves are easy to
define and are automatically correlated across entities, time, protocols, and other relevant
parameters, security professionals can look for sequences of events over weeks or months while
mapping them to a known attacker kill chain or framework such as MITRE ATT&CK matrix.
Perhaps the most promising aspect of NTA solutions is the fact that they empower organizations to
adapt the technology to align with the unique nuances and needs of any network. This allows
security professionals to implement custom detection of threats that are organization-specific
without requiring experienced data science teams or the need to modify training sets or algorithms.
For more information refer to chapter 1
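The "2x or more the historical average volume" rule quoted above can be expressed over flow summaries as follows. This is an added example, not part of the learner guide or of any NTA product; the addresses, dates and byte counts are constructed, and the baseline is assumed to be the mean of each client's earlier daily totals.

```python
from collections import defaultdict
from statistics import mean

DB_SERVER = "10.0.5.20"   # constructed address of the protected database server
FACTOR = 2.0              # "2x or more the historical average volume"

# Constructed flow summaries: (day, client, server, bytes sent server -> client)
FLOWS = [
    ("2021-01-11", "10.0.1.15", "10.0.5.20", 40_000_000),
    ("2021-01-12", "10.0.1.15", "10.0.5.20", 20_000_000),
    ("2021-01-12", "10.0.1.15", "10.0.5.20", 30_000_000),
    ("2021-01-13", "10.0.1.15", "10.0.5.20", 45_000_000),
    ("2021-01-14", "10.0.1.15", "10.0.5.20", 60_000_000),
    ("2021-01-11", "10.0.1.22", "10.0.5.20", 10_000_000),
    ("2021-01-12", "10.0.1.22", "10.0.5.20", 12_000_000),
    ("2021-01-13", "10.0.1.22", "10.0.5.20", 8_000_000),
    ("2021-01-14", "10.0.1.22", "10.0.5.20", 25_000_000),
    ("2021-01-14", "10.0.1.40", "10.0.5.20", 5_000_000),
    ("2021-01-14", "10.0.1.22", "10.0.7.9", 900_000_000),  # other server, ignored
]


def daily_totals(flows, server):
    """Sum bytes per client per day for flows that involve the given server."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, client, dst, nbytes in flows:
        if dst == server:
            totals[client][day] += nbytes
    return totals


def volume_alerts(flows, server, today, factor=FACTOR):
    """Return (client, reason, bytes_today, baseline) for each client to review.

    reason is "volume" when today's total is at least factor times the
    client's historical daily mean, and "no-baseline" when the client has
    never been seen talking to the server before, so no average exists.
    """
    alerts = []
    for client, per_day in sorted(daily_totals(flows, server).items()):
        current = per_day.get(today, 0)
        if current == 0:
            continue  # client did not connect to the server today
        # ISO dates compare correctly as strings
        history = [total for day, total in per_day.items() if day < today]
        if not history:
            alerts.append((client, "no-baseline", current, None))
            continue
        baseline = mean(history)
        if current >= factor * baseline:
            alerts.append((client, "volume", current, baseline))
    return alerts


if __name__ == "__main__":
    for alert in volume_alerts(FLOWS, DB_SERVER, "2021-01-14"):
        print(alert)
```

The first-seen client is reported separately because a ratio against a missing baseline is meaningless; whether that case should page someone is a local policy decision.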
2.2 Analyse results, historical data and traffic volume requirements
Historical Traffic Data
Historical Traffic Stats is a self-service product that analyses historical location data and provides
traffic insights on speed, travel time and sample size on the road network. Users can easily create
customized reports to identify congestion bottlenecks, mobility pain points and capacity on the road.
Internet connection speed depends on several factors; the first is the bandwidth. Organizations with a
large number of devices usually ensure themselves a bandwidth big enough to allow all users to
browse and perform activities like cloud backup and/or video or audio streaming, without
compromising company productivity, by signing appropriate contracts with one or more Internet
providers on the market.
Internet connection speed and the degree of network congestion also depend on the amount of
data downloaded by each user. For example, the use of some ‘peer to peer’ and ‘file sharing’
applications consumes a large share of network resources and consequently can degrade
the average quality of service, especially during peak traffic hours.
The inappropriate use of the company Internet connection can be easily addressed with some tools
available on the Cisco Meraki platform, where it is possible, for example, to limit the bandwidth or
prevent access to some services. To check the connection’s performance and identify critical
situations, the Meraki dashboard makes available some tools with which the Admin can monitor the
band usage.
Historical Bandwidth Usage, a V-App Smart Integration Platform App, does the same but in an easy
to access and read environment, giving you up to 120 days of historical bandwidth usage in a glance.
All you need to do is log in to your V-App dashboard, and all the information you need to know about
your Cisco Meraki network is there, in front of you.
How many network users does each country have?
The network has been one of our most transformative and fast-growing technologies. Globally the
number of internet users increased from only 413 million in 2000 to over 3.4 billion in 2016. The
one-billion barrier was crossed in 2005. Every day over the past five years, an average of 640,000
people went online for the first time.
But how many people from each country are online? In the maps we see the total number of users
by country, and the percentage of a country’s population who are users.
China and India take the top two slots despite having only 50 and 26 percent online, respectively.
The top six countries by users (and the only countries with over 100 million) in 2016/17 were:
• China = 765 million
• India = 391 million
• United States = 245 million
• Brazil = 126 million
• Japan = 116 million
• Russia = 109 million
The internet has been growing at an incredible rate; many countries including India, Bangladesh,
Cote d’Ivoire, Ghana, and Malawi have doubled the number of users in the last 3 years alone.
Around half of the world is not yet online. The internet’s history has only just begun, but with 27,000
new users every hour, many will experience it for the first time soon.
Traffic volume requirements
A stable, high-speed (wired or wireless) Internet connection is required for online testing. The
response time for each assessment depends on the reliability and speed of your school’s network.
You will need to verify your network settings.
Wireless Security – Due to the sensitivity of test-related data, encryption is required. It is highly
recommended that wireless traffic use WPA2/AES data encryption. Because encryption/decryption
is part of the data exchange process, there may be a slight decrease in the overall speed of the
network.
The Local Caching Software (LCS) is an optional tool that can be used to help reduce networking
issues and increase your local testing capacity.
Bandwidth
Bandwidth is the measure of the capacity of a network. Utilized bandwidth measures the amount of
data traveling across the network at a given point in time. Available bandwidth is affected by local
school network traffic and your Internet connection. Regardless of hardware or network topology,
the LAN should be analysed to determine the potential for traffic bottlenecks.
How to calculate network bandwidth requirements?
Bandwidth requirements vary from one network to another, and how to calculate bandwidth
properly is vital to building and maintaining a fast, functional network.
As most network administrators can attest, bandwidth is one of the more important factors in the
design and maintenance of a functional LAN or WAN. Unlike a server, which can be configured and
reconfigured throughout the life of the network, bandwidth is one of those elements of network
design that is usually optimized by figuring out the correct bandwidth formula for your network from
the outset.
Understanding bandwidth
Bandwidth refers to the data rate that is supported by the network connection or the interfaces that
connect to the network. It represents both volume and time, representing the amount of data that
can be transmitted between two points in a set period. It is usually expressed in terms of bits per
second (bps), or sometimes in bytes per second (Bps).
Network bandwidth represents the capacity of the network connection, though it is important to
understand the distinction between theoretical throughput and real-world results when figuring out
the right bandwidth formula for your network. For example, a 1000BASE-T which uses unshielded
twisted-pair cables Gigabit Ethernet (GbE) network can theoretically support 1,000 megabits per
second (Mbps), but this level can never really be achieved in practice because of hardware and
systems software overhead.
One point to consider when thinking about how to calculate bandwidth needs on your network is
this: Bandwidth should not be confused with throughput, which refers to speed. While high-bandwidth networks are often fast, that is not always the case. A helpful metaphor when thinking
about bandwidth is cars on a highway. A high-bandwidth network is like a six-lane highway that can
fit hundreds of cars at any given moment. A low-bandwidth network is like a single-lane road in
which one car queues directly behind another.
Although the large highway is likely to move vehicles faster, rush-hour traffic can easily bring cars
and trucks to a standstill. Or, perhaps, the cars cannot get onto the highway quickly because it is
clogged with large delivery trucks that take up a lot of space on the road. Similarly, even a high-bandwidth network can run slowly in the face of problems, such as congestion and bandwidth-hungry applications.
These very points make calculating bandwidth requirements a challenge, yet the consequences of
getting the bandwidth formula wrong are considerable. If you do not procure enough bandwidth,
you all but guarantee the network will run slowly. However, significantly overprovisioning bandwidth
can be cost-prohibitive for most enterprises.
So, how do you determine the right formula that will meet your bandwidth requirements? The
process begins with asking the right questions: What applications are users running, and what is the
performance service-level agreement for these applications? Some network managers are only
concerned with how many users are on a virtual LAN. What you really need to know is what the
users will be doing on the network. It’s possible that 200 users will cause less of a bottleneck than a
group of three users that really beats the heck out of the network because of some funky client-server application or extensive use of a bandwidth-heavy service, like high-definition video
conferencing.
How to calculate bandwidth
There are two basic steps to calculating bandwidth requirements:
• Determine the amount of available network bandwidth.
• Determine the average utilization required by the specific application.
Both figures should be expressed in bytes per second. Consider the following formula: A GbE
network has 125,000,000 Bps of available bandwidth. This is computed by taking the number of bits
per second in a Gigabit network, which is 1 billion, and dividing that by eight to determine the bytes:
1,000,000,000 bps / 8 = 125,000,000 Bps.
After determining the network’s bandwidth, you will have to see how much bandwidth each
application is using. Use a network analyser to detect the number of bytes per second the
application sends across the network. To do this, first enable the Cumulative Bytes column of your
network analyser. The next steps in the bandwidth formula are:
• Capture traffic to and from a test workstation running the application.
• In the decode summary window, mark the packets at the beginning of the file transfer.
• Follow the timestamp down to one second later, and then look at the cumulative byte field.
If you determine that your application is transferring data at 200,000 Bps, then you have the
information to perform the calculation: 125,000,000 Bps ÷ 200,000 = 625 concurrent users. In this
case, the network will be fine even if there are several hundred concurrent users.
Look what would happen, though, if you had a 100 Mbps network: 13,102,000 Bps ÷ 200,000. You
would then have a network that could not support more than approximately 60 users running the
application concurrently. Knowing how to calculate bandwidth is, therefore, very important
to network administrators.
A final recommendation: Capture the data in 10-second spurts and then do the division. It is also a
good idea to check multiple workstations to ensure the number is reflective of the general
population. It is also important to determine how many concurrent users you will have.
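The procedure above (convert the link to bytes per second, measure the application over a 10-second capture on several workstations, then divide) is worked through below as an added example that is not part of the learner guide. The sample readings stand in for an analyser's Cumulative Bytes column and are constructed; the worst-case figure based on the busiest workstation is an added assumption.

```python
from statistics import mean

# Constructed captures: workstation -> [(seconds since capture start,
# cumulative bytes)] as read from the analyser's Cumulative Bytes column.
CAPTURES = {
    "ws-01": [(0.0, 0), (2.5, 510_000), (5.0, 1_020_000),
              (10.0, 2_000_000), (12.0, 2_600_000)],
    "ws-02": [(0.0, 1_500), (4.0, 761_500), (10.0, 1_901_500)],
    "ws-03": [(0.0, 0), (10.0, 2_100_000)],
}


def link_bytes_per_second(bits_per_second):
    """Convert a link speed in bps to Bps, e.g. 1,000,000,000 / 8."""
    return bits_per_second // 8


def app_rate(samples, window=10.0):
    """Average bytes per second over the first `window` seconds of a capture.

    Uses the first sample and the last sample that falls inside the window,
    so readings taken after the 10-second mark do not skew the result.
    """
    if len(samples) < 2:
        raise ValueError("need at least two readings to compute a rate")
    t0, b0 = samples[0]
    inside = [(t, b) for t, b in samples if t - t0 <= window]
    t1, b1 = inside[-1]
    if t1 == t0:
        raise ValueError("no elapsed time inside the measurement window")
    return (b1 - b0) / (t1 - t0)


def plan(link_bps, captures, window=10.0):
    """Estimate how many concurrent users of the application the link supports."""
    rates = [app_rate(samples, window) for samples in captures.values()]
    capacity = link_bytes_per_second(link_bps)
    typical = mean(rates)
    return {
        "rate": typical,                                  # mean Bps per user
        "users": int(capacity // typical),                # typical case
        "users_worst_case": int(capacity // max(rates)),  # busiest workstation
    }


if __name__ == "__main__":
    print("GbE:     ", plan(1_000_000_000, CAPTURES))
    print("100 Mbps:", plan(100_000_000, CAPTURES))
```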
2.3 Determine specific thresholds, loading and grading levels to alter
traffic flows
Threshold Level
Thresholds are defined values that determine if a statistic is above, below, or within a normal range
on your network.
Thresholds are also used when displaying colours in dashboards. Anything below the marginal
threshold is blue, anything between the marginal and critical threshold is yellow, and anything above
the critical threshold is red. Thresholds can also be used as part of status widgets that are based on
either performance or a baseline.
How to configure thresholds
In Apex, the default thresholds are pre-configured, so additional setup is rarely needed. If necessary,
you can change them to better reflect your network conditions.
To configure a threshold:
• In the web interface, click Configuration > Thresholds.
• Select one by clicking a table row.
The editing pane appears.
• Edit one or more of the following choices:
o Threshold Type: Threshold Type sets whether the threshold is crossed above or below its
marginal and critical values.
o Marginal Value: Marginal Value determines if a statistic is slightly out-of-range for your
network. Based on Threshold Type, ‘marginal’ is either above or below this value, and
widgets display a yellow colour if a ‘Marginal Value’ is crossed.
o Critical Value: Critical Value determines if a statistic is greatly out-of-range for your
network. Based on Threshold Type, ‘critical’ is either above or below this value, and
widgets display a red colour if a ‘Critical Value’ is crossed.
• Click the accept icon.
Loading Level
Load balancing refers to efficiently distributing incoming network traffic across a group of backend
servers, also known as a server farm or server pool.
Modern high-traffic websites must serve hundreds of thousands, if not millions, of concurrent
requests from users or clients and return the correct text, images, video, or application data, all in a
fast and reliable manner. To cost-effectively scale to meet these high volumes, modern computing
best practice generally requires adding more servers.
A load balancer acts as the “traffic cop” sitting in front of your servers and routing client requests
across all servers capable of fulfilling those requests in a manner that maximizes speed and capacity
utilization and ensures that no one server is overworked, which could degrade performance. If a
single server goes down, the load balancer redirects traffic to the remaining online servers. When a
new server is added to the server group, the load balancer automatically starts to send requests to
it.
In this manner, a load balancer performs the following functions:
• Distributes client requests or network load efficiently across multiple servers
• Ensures high availability and reliability by sending requests only to servers that are online
• Provides the flexibility to add or subtract servers as demand dictates
Network traffic flows
Benefits of Network Flow Analysis
Network flow data is aggregated packet header data (but no content capture) for a communication
between a source and a destination. Communications are distinguished by the protocol-level
information in the header and the proximity in time (i.e., a flow contains aggregated header
information for all packets that use the same protocol settings within a designated time window).
There are several reasons that network flow data is a useful format for analysing network traffic:
The lack of specific details regarding the content of a specific piece of traffic makes the collection of
network flow highly concise. Network flow enables analysts to record the presence of a
communication in a very small footprint, which means the data can be collected economically across
a large network and stored for months to years (and also limits or eliminates personally identifying
information [PII]).
Network flow contains sufficient indicative information to allow network defenders to perform a
variety of analyses to search for threats or context information that can help defenders understand
what is going on. For example, when examining web traffic, network flow data would contain the
source and destination IP addresses involved, the amount of data sent, the number of packets, and
the time duration of the communication.
Most web traffic from server to client is quick, with high byte volume and relatively modest numbers
of packets (since the server is sending relatively full packets to the client). If traffic from server to
client involves more modest byte volumes and higher numbers of packets over a longer timeframe,
then it can be questioned as to whether it is normal web traffic. If such abnormal flows occur in
patterns outside of normal workday patterns, then suspicions would be raised further. On the other
hand, network defenders and analysts must have enough context to identify key websites for users
and make sure that they are not blocked.
Network flow can also be used to identify a likely source of a spam email within a five-minute
window of its arrival on a network and implement remediation. For example, a rolling block can
reduce spam traffic by as much as 75 percent by rapidly blocking out the source IP address, even for
short periods of time.
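The web-traffic heuristic described above (modest byte volume, many packets, long duration, and timing outside the workday) can be applied to flow records as follows. This is an added example, not part of the learner guide; the flow records are constructed, and the numeric cut-offs and the 08:00 to 18:00 weekday window are assumptions that would be tuned to a network's own baseline.

```python
from datetime import datetime

WEB_PORTS = {80, 443}        # server-side ports treated as web traffic
MAX_AVG_PACKET_BYTES = 400   # assumed: below this, packets are far from full
MIN_PACKETS = 200            # assumed: "higher numbers of packets"
MIN_DURATION_S = 120         # assumed: "over a longer timeframe"
WORK_HOURS = range(8, 18)    # assumed workday, Monday to Friday

# Constructed server -> client flow records (header aggregates only).
FLOWS = [
    {"start": "2021-01-13T10:02:11", "server": "203.0.113.10", "client": "10.0.1.15",
     "sport": 443, "packets": 950, "bytes": 1_300_000, "duration": 4.2},
    {"start": "2021-01-13T14:30:00", "server": "203.0.113.77", "client": "10.0.1.22",
     "sport": 443, "packets": 1800, "bytes": 216_000, "duration": 900.0},
    {"start": "2021-01-16T02:15:40", "server": "198.51.100.5", "client": "10.0.1.22",
     "sport": 80, "packets": 2400, "bytes": 240_000, "duration": 3600.0},
    {"start": "2021-01-13T11:00:00", "server": "10.0.0.53", "client": "10.0.1.15",
     "sport": 53, "packets": 2, "bytes": 310, "duration": 0.1},
]


def classify(flow):
    """Label one server-to-client flow using only flow-level fields."""
    if flow["sport"] not in WEB_PORTS:
        return "not-web"
    if flow["packets"] == 0:
        return "empty"
    avg_packet = flow["bytes"] / flow["packets"]
    odd_shape = (avg_packet < MAX_AVG_PACKET_BYTES
                 and flow["packets"] >= MIN_PACKETS
                 and flow["duration"] >= MIN_DURATION_S)
    if not odd_shape:
        return "normal"
    start = datetime.fromisoformat(flow["start"])
    in_workday = start.weekday() < 5 and start.hour in WORK_HOURS
    # Odd shape alone is worth a question; odd shape off-hours raises suspicion.
    return "questionable" if in_workday else "suspicious"


def review_queue(flows):
    """Return (server, client, label) for web flows that do not look normal."""
    queue = []
    for flow in flows:
        label = classify(flow)
        if label in ("questionable", "suspicious"):
            queue.append((flow["server"], flow["client"], label))
    return queue


if __name__ == "__main__":
    for item in review_queue(FLOWS):
        print(item)
```

Because flow data carries no content, the output is a list of conversations to examine with other sources, not a verdict.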
Combining Network Flow with Other Data Sources
Although network flow is a powerful data source, it is not the only source of data that analysts and
security staff should use to analyse network traffic. Content-based attacks, such as SQL injections,
strike through the data (dynamic database inquiries that include user supplied output) and allow
attackers to execute malicious SQL statements on a web application’s database server. If analysts
limit their examination to network flow data after a web application attack, the lack of content in
that data means that they would not be able to determine that the event was an SQL injection.
In large organizations, analysts contend with so much data traffic that network analysts need to
employ a mix of methods to secure a network. Analysts must be able to, from a starting event,
generalize their analysis and expand its focus so they capture all the aspects relative to
understanding this unexpected change in network traffic (bottom up). These changes can be benign;
for example, a new service comes out, users use this service, and security measures need to
protect this new service. Analysts also need to start with a model of network behaviour and then
narrow the focus to specifically investigate deviations from this model that may reflect intrusions on
the network (top down). Again, such deviations may be benign, for example, traffic involving a group
of developers working unusually late hours and accessing sites not normally found in the network
traffic.
Defenders of information networks in large-scale organizations don’t just use network flow data
alone. Analyses using top down or bottom up combine network flow data with other information
from the network including
• intrusion detection system (IDS) alerts, generated by rules that recognize known intrusion
traffic or that indicate significant anomalies from expected network traffic
• network management data (i.e., vulnerability scans, configuration checks, and population
checks with respect to software versions, which can be done with network management
software)
• full packet capture of traffic relating to servers or services of specific concern
• firewall records – blocked traffic or unexpected termination of connections, also proxy logs
to identify service requests that were permitted or blocked
• Server logs – host and application level events recorded with respect to mission related
services
• network reputation data – where the addresses are registered to and the degree of
previously seen undesirable traffic related to those addresses
• active or passive domain name resolutions – where domain names are mapped to IP
addresses, either by direct query or by passively recording the results of previous queries
2.4 Obtain funding parameters and budgeted levels, and determine plan
amendments
2.5 Confirm that traffic control strategies to prevent traffic problems
2.6 Develop strategies for recovery where traffic congestion occurs
Traffic Congestion
Just like in road congestion, Network Congestion occurs when a network is not able to adequately
handle the traffic flowing through it. While network congestion is usually a temporary state of a
network rather than a permanent feature, there are cases where a network is always congested,
signifying a larger issue is at hand.
In this section, we will discuss five (5) common causes of network congestion including:
• Over-subscription
• Poor network design/misconfiguration
• Over-utilized devices
• Faulty devices
• Security attack
For more information, refer to chapter 1.
Strategies to control traffic
There are many causes of network congestion. Here are some strategies to reduce network/traffic
congestion.
1. Monitor Your Network Traffic
Monitoring network traffic provides insight about where possible congestion may lie. What this
means is that you can make network adjustments to problem areas. The only way to understand if
slow network speeds are caused by congestion is to monitor.
Network monitoring is how you begin reducing network congestion. You must understand the
distribution of network traffic to analyse reduction in congestion. Once you analyse traffic, then you
can provide optimization solutions.
2. Network Segmentation
Segmenting a network is a process in computer networking. The process is to divide your network
into smaller sub-networks.
The benefit of segmenting your network is to group assets and groups into specific areas. This will
allow for monitoring traffic in groups. It provides fine-grained insight into the function of your
network. By segmenting, you can now reduce network congestion in specific areas of your network,
without having to guess where the congestion is occurring.
3. Use a Content Delivery Network
The use of a content delivery network (CDN) has many advantages. Most of the advantages pertain
to the global distribution of static content. As about 2/3 of a company’s content is static, this can
provide network management benefits.
The CDN will place content on edge servers. The result will be fewer requests coming into your
network. If you have segmented your network, this will especially hold true. Fewer requests will mean
less opportunity for congestion. Also, a CDN will assist with bandwidth management.
Implementing a CDN can reduce network congestion by placing more requests on edge servers,
away from your central network.
4. Reconfigure TCP/IP Settings
As traffic is moving over a network, it could be that a sending computer is transferring files faster
than the receiving computer can process. The issue with this is that in an un-congested network,
packets transfer fast. When they get to the receiving computer, they will become congested. The
result is packet loss, as data is not processed.
To solve for this issue, you can adjust the TCP/IP settings to slow the request of packets. This can be
useful when more computers request on a network. By slowing requests, the receiving computer will
be able to manage processing the packets. This can minimize the occurrence of congestion.
5. Backpressure Routing
As the throughput of a network reaches capacity, rather than continuing to send data over
that network route, you can choose a different path. This is the concept of backpressure
routing.
Backpressure routing is an algorithmic implementation on a network. It specifies that when a
network route begins queueing, traffic is routed over a different path. This solution applies primarily
to multi-hop routing but is effective in eliminating congestion.
Although backpressure routing is primarily theoretical, there is increasing potential for its use. As
shortest logical path routing of border gateway protocol (BGP) needs to evolve, this is a logical
approach to addressing congestion.
6. Choke Packet
To prevent congestion from escalating, the use of a choke packet can be a good strategy. A choke
packet is used in network maintenance to prevent the congestion of a network.
As a network begins to slow and become congested, a choke packet is sent to slow the output of the
sending computer. Decreasing the sending rate is what will allow the receiving computer and routers
to catch up. This can prevent the congestion from getting worse and leading to packet loss or a time
out.
7. Implicit Congestion Notification
Implicit congestion notification is a notification process that is performed at each hop of data
transmission. This means there is a node in the sending data packets. The node will pick up
information to determine whether there is a possibility of congestion.
The benefit of this notification system is that no extra control messages are needed. This contrasts
with our next notification setting, which is explicit congestion notification.
8. Explicit Congestion Notification
Explicit congestion notification (ECN) is a notification mechanism that alerts if there is congestion
within a network. It works such that there are no packets dropped as congestion begins to occur.
In a system where ECN is not used, the congestion notification is dropped packets. This is not an
ideal situation as you begin to lose data. The result is packet loss, which can lead to jitter and more
congestion.
Having a signalling mechanism can allow changes before congestion occurs.
9. Prioritize Network Traffic
Preventing congestion can be as simple as changing a router setting. By understanding quality of service (QoS)
principles, the prioritization of traffic over your network can be important. This is most often used in
voice over IP (VoIP) settings. In this situation, VoIP always gets the priority over a network.
Prioritization of traffic is ideal for bandwidth utilization. It can ensure there is no one application that
is a bandwidth-hog. Also, by adjusting router settings, you can reduce congestion before it begins.
10. Use Network Redundancy
Redundancy ensures network availability. What redundancy does is ensure that if one router or
network route becomes congested, a second route is used in its place. This would make sure there is
no packet loss or a time out due to congestion.
The redundancy system would be the failover option for when congestion gets so bad there is a time
out. Also, redundancy is used most often when there is a network outage. It prevents an enterprise
network from going down.
There are many network congestion solutions and I realize I said I was going to provide 10 ways to
reduce traffic congestion, but I want to throw in a bonus. A shameless plug. The Datapath.io
solution.
11. The Datapath.io Solution
Datapath.io can reduce congestion by providing access to the lowest latency networks. Datapath.io
will determine network paths based on global monitoring of the Internet. This is 600,000+ network
nodes. By monitoring the Internet, Datapath.io will route your traffic over the lowest latency route.
This includes un-congested network routes. Then, if a route begins to become congested, the real
time updates will allow Datapath.io to send traffic over a different route. Automatically.
Now that you understand ways to reduce network congestion, you can provide a better user
experience, ensure optimal network uptime, and reduce the incidence of packet loss.
Strategies to recover traffic
Decrease high bandwidth usage
Wondering how to check network congestion before it is an issue? NetFlow Traffic Analyzer provides
intuitive network congestion solutions for monitoring, analysis, and management to help avoid
common congestion causes.
Create customizable network traffic reports
Review historical data to detect network congestion and adjust policies for better management.
Identify the cause of network congestion
Detect specific apps and endpoints taking up the most bandwidth by analysing network traffic.
Perform network congestion tests
Get to the root cause of bandwidth issues with an intuitive point-and-click interface and flow data
analysis from multiple vendors, including NetFlow v5 and v9, Juniper J-Flow, sFlow, Huawei NetStream,
and IPFIX. SolarWinds® NTA identifies network congestion issues fast and displays the
specific endpoints or applications consuming the most bandwidth. Use NTA’s network congestion
control tools to identify habitual bottlenecks and adjust policies for better management, so that you
do not spend money on additional unnecessary bandwidth.
Divulge network top talkers
See how to detect network congestion and unveil which specific users and applications are
responsible for network congestion creating bottlenecks. Target specific top talkers on your network
that consume the most bandwidth to reduce the congestion problems caused by their usage. NTA
also allows you to track application traffic arriving from designated ports, source IPs, destination IPs,
and even protocols.
Gain visibility and correlate data
Gain deep visibility into any element’s traffic using multiple views, and truly visualize your network’s
traffic patterns to resolve congestion in the network. SolarWinds PerfStack™ dashboard with
cross-stack network data correlation helps accelerate identification of root cause by dragging and
dropping network performance metrics on a common timeline for immediate visual correlation
across your network data. You can investigate, isolate, and monitor excessive network bandwidth
utilization and unexpected application traffic to prevent potentially recurrent network congestion
issues.
2.7 Develop contingency plans to allow for problems during network
changes
Contingency Planning
A contingency plan is a course of action designed to help an organization respond effectively to a
significant future event or situation that may or may not happen.
A contingency plan is sometimes referred to as “Plan B,” because it can also be used as an
alternative for action if expected results fail to materialize. Contingency planning is a component of
business continuity, disaster recovery and risk management.
The seven steps outlined for an IT contingency plan are:
• Develop the contingency planning policy statement. A formal policy provides the authority
and guidance necessary to develop an effective contingency plan.
• Conduct the business impact analysis (BIA). The BIA helps identify and prioritize information
systems and components critical to supporting the organization’s mission/business
functions.
• Identify preventive controls. Measures taken to reduce the effects of system disruptions can
increase system availability and reduce contingency life cycle costs.
• Create contingency strategies. Thorough recovery strategies ensure that the system may be
recovered quickly and effectively following a disruption.
• Develop an information system contingency plan. The contingency plan should contain
detailed guidance and procedures for restoring a damaged system unique to the system’s
security impact level and recovery requirements.
• Ensure plan testing, training, and exercises. Testing validates recovery capabilities, whereas
training prepares recovery personnel for plan activation and exercising the plan identifies
planning gaps; combined, the activities improve plan effectiveness and overall organization
preparedness.
• Ensure plan maintenance. The plan should be a living document that is updated regularly to
remain current with system enhancements and organizational changes.
Conducting a Risk Assessment
Every organization faces a unique set of risks that it needs to plan for. The key to identifying yours
is to conduct a thorough risk assessment.
The first step is to identify your business-critical operations. These are the key processes and
functions without which your organization could not operate; for example, your supply chain, your
internet connection, or your ability to comply with legal standards.
Next, identify the threats that could harm each critical operation. These could include the loss of key
staff, technical failure, or a change in government policy, for example.
Chances are, you will end up with a long list of potential threats. It may be unrealistic to attempt
contingency planning for all of them, so you need to prioritize.
Risk Impact/Probability Charts are a good way to do this. These charts help you to analyse the
impact of each risk, and to estimate how likely it is to happen. This reveals which risks require the
expense and effort of risk mitigation. Business processes that are essential to your organization’s
survival, such as maintaining cash flow and market share, are typically at the top of the list.
Developing Contingency Plan
The following 3 steps can be used to create a contingency plan:
Assess the Risk
Before we can develop our contingency plan, we need to understand the potential risks being faced
by the organization.
A simple process we can use to assess risks is as follows:
Identify Critical Functions
To find the important risks we first need to understand the critical functions within the organization.
You can help yourself identify these functions by asking “what if?” questions. For example, what if a
certain supplier went bankrupt? What if we lost all customer data? What if the entire sales team was
ill for a week?
Identify the Risks
For each of these critical parts of the business, find the risks being faced. To help you identify the
risks you may want to consider the following risk areas:
• Natural Disasters: these are things such as flooding, earthquakes, and fire.
• Product Issues: for example, what would happen if your product needed to be recalled?
• Equipment Issues: for example, what would happen if a key piece of equipment or software
failed?
• Supplier Issues: for example, what would happen if a supplier terminated their contract?
• Team Issues: for example, what would happen upon the death or illness of a core team
member?
• PR Issues: for example, what would happen if a negative story ran in a major media outlet?
• Governmental Issues: for example, what would happen if the sales tax rate suddenly
changed?
• Legal Issues: for example, what would happen if you were alleged to be in breach of
copyright?
• Employee Issues: for example, what would happen if an employee stole from the
organization?
Prioritize the Risks
One of the traps of contingency planning is that you over plan, meaning that you try to plan for
every eventuality. This is obviously wasteful as it’s extremely unlikely most events will occur, so what
we want to do is create contingency plans for those events which will either impact the organization
in a major way or are quite likely to occur.
We can do this by ranking our risks in terms of probability of occurrence and impact on the
organization.
Create the Contingency Plan
At this stage we have a prioritized list of risks, that is, a list of things that might go wrong including
how they might go wrong, and what impact that might have on the organization.
Now it is time to create our contingency plans, detailing how we are going to react if any of these
things do go wrong. The most sensible way to start this work is to tackle the highest priority threats
first. In our example above, this means that we would create a contingency plan for risks 1 and 3
before moving on to the lower priority risks.
There is no right or wrong way to create a contingency plan, but the plan should contain
step-by-step instructions detailing what needs to happen and when to get the business back to normal
operations.
Despite there being no right or wrong way to put together a contingency plan, you may find the
following pointers useful:
• Determine the precondition: what event must happen for the contingency plan to be
activated?
• Specify exactly who is in charge at each stage of the contingency plan.
• Identify the needs of all stakeholders up front and involve them in creating the contingency
plan.
• For each action you include in your plan, be sure to include who is responsible for that
action, who they report to, how long the action will take, and what communication will
happen.
• Document communications: different contingency plans will require different
communications. For example, the company website crashing may require internal
communications to coordinate the resolution of the problem as well as email
communications with customers to keep them abreast of progress towards resolution.
However, if your product were found to cause actual bodily harm to one of your customers
then this would require not only internal communications but also very carefully managed
public relations.
Once you have created your plan, you will need to get it approved and included in any standard
operating procedures (SOPs) so that everyone understands when the plan should be triggered and
their part in it.
It can be useful to test your plans. That is, to simulate the triggering of a contingency plan to
perform a dry run through the steps detailed in the plan. This will help ensure that the plan is fit for
purpose.
Maintain the Contingency Plan
Just as with life, business does not exist in a vacuum. The world around us is in constant change.
Because of this, it is important not to just set and forget your contingency plans. They will need to be
updated regularly for several reasons, including:
• The way a system works has changed.
• A key team member has left/joined the organization.
• The organization structure has changed.
• New risks have emerged, or existing risks have gone away.
• New products are introduced to the market.
• New technology has replaced old.
Self-assessment
Question 1: What are the benefits of network flow analysis?
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
Question 2: What is traffic congestion?
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
Chapter 3. Apply short and long-term traffic solutions
The chapter is going to discuss the following points in detail:
• Implement software changes according to planned network strategy
• Develop short-term ad hoc solutions where only a temporary solution is required
• Confirm that reversal action can be initiated in cases of temporary solutions
• Implement contingency plan where required according to organisational requirements
• Conduct monitoring of changes and take measurements to assess outcomes of variations
• Analyse measurements and provide a report to relevant personnel with recommendations
for further changes
• Review and monitor strategies and initiate corrective action where required
3.1 Implement software changes according to planned network strategy
Adopt a proven methodology to set guidelines for change
Much like communication and collaboration tools, your company might already have a methodology
in place to manage change.
If not, a software implementation is a great time to instil one. Such a methodology provides the
steps necessary to ensure sustained user adoption for the newly implemented system.
Short recommends using the ADKAR change model:
Again, ADKAR can boost user adoption for your software implementation and help manage other
organizational changes.
Define clear goals that the newly implemented software will help achieve
You will want to return to your needs document for this step.
• Identify what the pain points are that the new software addresses.
• Ask yourself what the optimal business output is if those pain points are removed. Be as
specific as possible.
• Whatever that best case scenario is should be the goal that this software will help achieve.
For example, “Instead of [saying] ‘eliminating the backlog of work orders,’ challenge your
organization to ‘reduce the average backlog of work orders by 50 percent within six months.’” Again,
be specific.
A specific goal creates accountability for users and provides a tangible cause for effectively adopting
the new software.
Personalize messaging and communication about the implementation for each team
You have gone through the trouble of defining pain points, setting a methodology for change, and
listing implementation goals.
These are big deals that need to be properly communicated to those teams adopting the new
software as well as the organization at large.
It is best to personalize messaging at the team level. Each team will likely have different goals that
the new system will help them achieve. You will want to home in on those team-specific goals when
communicating with individual teams. This sense of personalization will go a long way in driving
adoption.
Focus on Continuous Improvement
Though I am sure you are elated to get running with your new software, you are going to want to
master walking with it first. It might take some time to get up to full speed, and that is fine—just
continue working better with the software each day.
To support the long-term implementation of your new system, start by prioritizing those capabilities
that need to be mastered first. This will help influence training and provide benchmarks for regular
check-ins.
Training is a central pillar in continuous improvement. But much like implementation, the right kind
of training done when needed is better than poor training done often.
Employing training best practices is an obvious, sure-fire way to instil continuous improvement in
your implementation strategy. But do not settle for just guessing what works.
Just like with monitoring actual adoption and use rates, you can monitor the training that resonates
most with specific teams in your organization. Remember, the end game here is to affect the
greatest improvement possible.
3.2 Develop short-term ad hoc solutions where only a temporary
solution is required
3.3 Confirm that reversal action can be initiated in cases of temporary
solutions
3.4 Implement contingency plan where required according to
organisational requirements
Implement a Contingency Plan
A contingency plan is developed to prepare a business to face abnormal situations and mitigate the
impact of sudden disasters. The contingency plan outlines the procedure to be followed in the event
of failure of one or more critical systems. A contingency plan is often referred to as a business
continuity plan (BCP).
The implementation of a contingency plan depends upon the size of the organization and the
resources available during the crisis. The plan should be designed, reviewed, and accepted by the
management. The plan should be shared with the key members of the organization. Companies
should periodically execute the steps outlined in the contingency plan as an exercise, to be prepared
when the need arises.
The business should have a contingency team that takes over the operations and implements the
plan for every type of risk identified. Equipment failure due to natural disasters and sabotage may be
covered by insurance. The personnel implementing the contingency plan should be aware of the
contact details of people or service providers to be reached during the emergency, to get assistance
in fixing the issue and bringing the business operations back to normal.
Communication and notification are an important part of implementing a contingency plan. If a
primary business location is affected by fire or flood, the contingency plan might be to move the
employees and equipment to another location. To implement this plan of shifting operations to a
new location, there should be a good communication plan in place. If the problem arises during
working hours, the evacuation procedure should be followed, and emergency help lines should be
used to secure help. The persons responsible for implementation of the contingency plan should be
able to contact all employees by a previously agreed upon mode (telephone / e-mail / SMS) and
inform them to report for work at the new location until the old one can be made functional again.
External suppliers, distributors and customers should also be notified of change in location, and
whom to get in touch with to resume operations and contact details.
Contingency planning is important while executing a project. If a key team member is rendered out
of action, there should be another team member capable of stepping in to perform important tasks.
If the project follows good knowledge sharing practices and has good documentation, it will facilitate
induction of new support staff (developers / testers) for assistance. It is important to communicate
to the client that the absence of the regular person will not affect the project delivery schedule. If
the project runs into issues which are likely to affect budget or deadlines, the person(s)
implementing the contingency plan should know what needs to be communicated to the client. The
person should also know how and when the information should be sent to convince the client that
measures have been taken to mitigate the risks and bring the situation under control. The
implementer should perform follow-ups and send status updates to keep the management and
client informed during a problem situation.
For more information refer to chapter 2.
3.5 Conduct monitoring of changes and take measurements to assess
outcomes of variations
Network traffic Monitoring and Measurement
Active Network Monitoring is a practice performed by network engineers to test networks by
inserting test traffic and tracking its path towards a destination. It does this by sending ICMP packets
to collect measurements between two endpoints or more in a network.
Below are some of the metrics that Active Measurement systems must deal with:
• Packet Delay
• Packet Loss
• Packet Reordering
• Availability
• Routes
• Packet Inter-arrival Jitter
• Bandwidth Measurements (Capacity, Achievable Throughput)
Widely used tools such as PING, which is used to measure packet loss and packet delay, and
traceroute, which can help determine the topology of the network, are some common examples of
essential active measurement tools.
Both of these simple tools transmit ICMP packets, or probes, to a designated host and wait for the host
to respond to the sender.
For instance, in the diagram shown above a ping command uses active measurements by sending an
Echo Request from the source host through the network to a stated destination. An Echo Response
is then transmitted back by the destination to the source from where it received the request.
Not only can you collect the metrics mentioned above from these active measurements, but they
also enable you to determine the network topology.
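The following added example (not part of the original guide) derives several of the metrics listed above from ping reply lines: packet loss, reordering, delay and jitter. The sample output is constructed, 192.0.2.10 is a documentation address, and the jitter formula used is a simple estimate chosen for this example.

```python
import re
import statistics

# Constructed sample in the reply-line format printed by Linux ping;
# 192.0.2.10 is a documentation address, not a real host.
SAMPLE_PING_OUTPUT = """\
64 bytes from 192.0.2.10: icmp_seq=1 ttl=57 time=10.0 ms
64 bytes from 192.0.2.10: icmp_seq=2 ttl=57 time=12.0 ms
64 bytes from 192.0.2.10: icmp_seq=4 ttl=57 time=11.0 ms
64 bytes from 192.0.2.10: icmp_seq=3 ttl=57 time=30.0 ms
64 bytes from 192.0.2.10: icmp_seq=6 ttl=57 time=13.0 ms
"""

REPLY_RE = re.compile(r"icmp_seq=(\d+)\s+ttl=\d+\s+time=([\d.]+)\s*ms")


def parse_replies(text):
    """Return (sequence number, RTT in ms) pairs in arrival order."""
    return [(int(m.group(1)), float(m.group(2)))
            for m in map(REPLY_RE.search, text.splitlines()) if m]


def measure(text, probes_sent):
    """Derive loss, reordering, delay and jitter from Echo Reply lines.

    Assumes probes were numbered 1..probes_sent, as Linux ping does.
    """
    if probes_sent <= 0:
        raise ValueError("probes_sent must be positive")

    rtt_by_seq = {}
    arrival_order = []
    for seq, rtt in parse_replies(text):
        if seq in rtt_by_seq:        # duplicate reply: count the probe once
            continue
        rtt_by_seq[seq] = rtt
        arrival_order.append(seq)

    # Probes that never produced a reply are counted as lost.
    lost = [s for s in range(1, probes_sent + 1) if s not in rtt_by_seq]

    # A reply is reordered if a higher sequence number arrived before it.
    reordered, highest = 0, 0
    for seq in arrival_order:
        if seq < highest:
            reordered += 1
        else:
            highest = seq

    # Simple jitter estimate (an assumption of this example): mean absolute
    # RTT difference between probes with adjacent sequence numbers.
    deltas = [abs(rtt_by_seq[s + 1] - rtt_by_seq[s])
              for s in sorted(rtt_by_seq) if s + 1 in rtt_by_seq]

    rtts = list(rtt_by_seq.values())
    return {
        "available": bool(rtts),     # at least one reply came back
        "received": len(rtts),
        "lost_seqs": lost,
        "loss_pct": round(100.0 * len(lost) / probes_sent, 2),
        "reordered": reordered,
        "rtt_min_ms": min(rtts) if rtts else None,
        "rtt_avg_ms": round(statistics.mean(rtts), 3) if rtts else None,
        "rtt_max_ms": max(rtts) if rtts else None,
        "jitter_ms": round(statistics.mean(deltas), 3) if deltas else None,
    }


if __name__ == "__main__":
    for name, value in measure(SAMPLE_PING_OUTPUT, probes_sent=6).items():
        print(f"{name:12} {value}")
```

A sudden rise in loss or jitter on a path that was previously stable is worth correlating with configuration changes and alarms before treating it as ordinary congestion.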
Monitor changes in Network
Unauthorized configuration changes can wreak havoc on business continuity, which is why
detecting and tracking changes is a crucial task for network admins. Although changes can be
tracked manually, this method tends to be time consuming and often leads to human error, like
missing the configurations of critical network devices while tracking.
To resolve this, Network Configuration Manager offers real-time configuration change detection.
Using real-time change detection, admins can track and detect changes in real time, which helps
with gaining total control over all the devices in their networking environment.
Real-time change detection must be enabled in the network devices you want to detect changes for.
The below events give an in-depth look at how real-time change detection works in Network
Configuration Manager:
• When an admin, operator, or user logs in or out of a network device, the device generates a
syslog message.
• These syslog messages will be sent to the built-in syslog server in Network Configuration
Manager, which looks for the log out message.
• Upon receiving a log out message, Network Configuration Manager triggers the
configuration backup of that network device. This is because whenever someone logs out of
a device, there is a possibility that person made a change in the config file of that device.
• This backed-up configuration file is then compared to the latest configuration version of that
device and is checked for any changes.
• If any change is detected, the backed-up configuration file is encrypted and stored in
Network Configuration Manager’s database.
• If no change is detected, the backed-up file is discarded.
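The workflow in the list above can be sketched as follows. This is an added example, not Network Configuration Manager's own code: the syslog message layout, device names, users and the `fetch_config` callable are assumptions, the sample data is constructed, and the encryption of stored versions is omitted.

```python
import difflib
import hashlib
import re

# Constructed syslog lines; the LOGIN/LOGOUT message layout is an assumption
# made for this example, not the format of any particular device or product.
SAMPLE_SYSLOG = [
    "<189>Jan 19 10:02:11 core-rtr1 LOGIN: user=alice src=192.0.2.5",
    "<189>Jan 19 10:07:43 core-rtr1 LOGOUT: user=alice src=192.0.2.5",
    "<189>Jan 19 10:09:02 edge-sw2 LOGIN: user=bob src=192.0.2.9",
    "<189>Jan 19 10:09:30 edge-sw2 LOGOUT: user=bob src=192.0.2.9",
]

LOGOUT_RE = re.compile(
    r"^<\d+>(?P<ts>\w{3}\s+\d+\s[\d:]+)\s(?P<device>\S+)\sLOGOUT:\suser=(?P<user>\S+)"
)


def normalise(config_text):
    """Drop blank lines and trailing spaces so cosmetic noise is not a change."""
    return "\n".join(l.rstrip() for l in config_text.splitlines() if l.strip())


def fingerprint(config_text):
    """SHA-256 of the normalised configuration, used for a cheap equality check."""
    return hashlib.sha256(normalise(config_text).encode()).hexdigest()


class ConfigStore:
    """In-memory version history per device (encryption at rest is omitted here)."""

    def __init__(self, baselines):
        self.versions = {dev: [normalise(cfg)] for dev, cfg in baselines.items()}

    def latest(self, device):
        history = self.versions.get(device)
        return history[-1] if history else ""

    def add(self, device, config_text):
        self.versions.setdefault(device, []).append(normalise(config_text))


def handle_syslog(line, fetch_config, store):
    """Process one syslog line; return a change record for logouts, else None."""
    match = LOGOUT_RE.match(line)
    if not match:
        return None                       # logins and other messages are ignored
    device, user = match["device"], match["user"]
    backup = fetch_config(device)         # backup triggered by the logout
    previous = store.latest(device)
    changed = fingerprint(backup) != fingerprint(previous)
    diff = []
    if changed:
        diff = list(difflib.unified_diff(
            previous.splitlines(), normalise(backup).splitlines(),
            fromfile=f"{device}@previous", tofile=f"{device}@{match['ts']}",
            lineterm=""))
        store.add(device, backup)         # keep the new version
    # An unchanged backup is simply discarded.
    return {"device": device, "user": user, "when": match["ts"],
            "changed": changed, "diff": diff}


def run_demo():
    """Replay the constructed syslog lines against constructed device configs."""
    baselines = {
        "core-rtr1": "hostname core-rtr1\naccess-list 10 permit 192.0.2.0 0.0.0.255\n",
        "edge-sw2": "hostname edge-sw2\nvlan 20\n",
    }
    # Constructed device state at backup time: an extra ACL entry on core-rtr1.
    running = dict(baselines)
    running["core-rtr1"] += "access-list 10 permit any\n"
    store = ConfigStore(baselines)
    events = [handle_syslog(l, running.__getitem__, store) for l in SAMPLE_SYSLOG]
    return [e for e in events if e], store


if __name__ == "__main__":
    for event in run_demo()[0]:
        print(event["when"], event["device"], event["user"],
              "CHANGED" if event["changed"] else "unchanged")
        print("\n".join(event["diff"]))
```

The record ties each change to the user who logged out just before the backup, which is the detail a reviewer needs when deciding whether a change was authorized.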
Real-time change notifications for Network devices
Manually checking every configuration to see if a change was made is an impossible task. Network
Configuration Manager simplifies managing configurations by providing real-time notifications via:
• Email: Here, you can specify which email you want these notifications to be sent to. You can
provide more than one email address. You can also edit the subject as well as the content in
the notification. Using distinct subject lines helps with quickly identifying notifications while
looking through your inbox.
• SNMP traps: It is best to alert your network monitoring solution about changes made to your
devices. Network monitoring solutions are alerted about changes using SNMP traps. Using
Network Configuration Manager, you can send SNMP traps to your network monitoring
application. As shown below, you can configure the IP address/hostname, destination port
and community (private/public) for the SNMP traps.
• Syslog messages: When a change is made in the devices associated, the syslog server triggers
syslog messages. If these changes were made to a security device or a core router, then the
syslog message must be sent to SIEM applications. With Network Configuration Manager
you can configure syslog messages to be sent to SIEM applications from the NCM server.
3.6 Analyse measurements and provide a report to relevant personnel
with recommendations for further changes
How to prepare a report?
This tutorial focuses on the common elements of IT reports. While there are several varieties of
reports to suit specific purposes, most reports have a similar structure. The major components are:
• Introduction
• Body
• Conclusion
You need to develop the skills to produce a clear, concise, and professionally presented report to
succeed both at university and in your future career. At university, reports are read by lecturers and
tutors to assess your mastery of the subjects and your ability to apply your knowledge to a practical
task. In the workplace reports will be read by managers, clients, and other stakeholders.
While reports vary in the type of information they present (for example, original research, the
results of an investigative study or the solution to a design problem), all share similar features and
are based on a similar structure.
Some key features of reports include:
• Aims: for quick and easy communication of information
• Design: for selective reading
• Structure: sections with numbered headings and subheadings
• Illustrations: figures and diagrams to convey data
• Language: formal and objective.
Most reports have a similar structure:
Title page
A title page is presented on a separate page and should include:
• subject name and code
• assignment number
• title of the report
• due date
• student’s name and ID#
• tutor’s name
• course name and number
• department and university
• date of submission.
The title of the report should indicate exactly what the report is about. The reader should know not
only the general topic, but also the aspects of the topic contained in the report. Therefore, a report
title needs to be specific to the topic. For example, “Reasons for IT to lose its grip on large data” is a
better report title than “Large data in IT”, if the report is focused on why IT loses its grip on large
data.
Summary
Some key points about a Summary:
• A Summary, sometimes called an Executive Summary or an Abstract, is usually 100-200
words long for a short report or a page long for a longer report.
• It provides a brief overview of the report by stating the purpose, defining the topic,
summarising the main sections of the report, and stating the conclusion or outcomes.
• Most people don’t write an Abstract until they finish writing the report.
• It is NOT an introduction to the topic.
• Remember that a Summary needs to be concise. A busy manager who might not have time
to read the full report should be able to get the gist of the whole report by reading the
Summary.
To be included in a Summary:
• topic of the report
• outline of the approach to the task if applicable
• most important findings of research or key aspects of design
• main outcomes or conclusions.
NOT to be included in a Summary:
• general background information
• in-text citations
• reference to later diagrams or references.
A sample of a report Summary and tutor’s feedback is provided here. Note that this is NOT a
perfect example. The sample Summary is from a report entitled “Privacy issues in IT”.
Table of contents
A table of Contents lists the sections of the report, providing readers with an overview of how the
report is organised. Your choice of headings and subheadings communicates your interpretation of
the topics to the reader. It is presented on a separate page and should include:
• section headings.
• the number of the first page of each section.
The Contents page sets out the sections and subsections of the report and their corresponding page
numbers. It should clearly show the structural relationship between these sections and subsections.
A reader looking for specific information should be able to locate the appropriate section easily from
the table of contents. It is worth noting that few reports are written to be read from start to finish.
This is why clear structure, headings and subheadings are so important.
There are conventions for section and page numbering:
• Number the sections by the decimal point numbering system.
• Number all the preliminary pages in lowercase Roman numerals (i, ii, iii, iv, …).
• Preliminary pages are any which come before the introduction, including the summary and,
where applicable, acknowledgements.
• Section and subsection numbering should not exceed two decimal points.
• You do not have to place the number i on the title page. Just count it and put ii on the
second page of your report.
• Number all the remaining pages of your report with Arabic numerals (1, 2, 3, 4, …). Thus, the
report proper begins on page 1 with your Introduction, which is usually Section 1.
• Provide a title in your table of contents to describe the contents of each appendix (Note: one
appendix, two or more appendices). Do not just call them Appendix 1 or Appendix 2.
Introduction
An Introduction section provides the background information needed for the rest of your report to
be understood. It is usually around ten percent of the total report length. The Introduction includes:
• the background to the topic of your report to set your work in its broad context
• a clear statement of the purpose of the report, usually to present the results of your
research, investigation, or design
• a clear statement of the aims of the project
• technical background necessary to understand the report, e.g. theory or assumptions
• a brief outline of the structure of the report.
Body of report
This is the main part of your report, where you present your work. There are some points about the
body of a report which are worth consideration:
• It should consist of information which is supported by examples and evidence obtained from
your research.
• The information should be presented under appropriate headings and subheadings and
should be ordered in a logical manner to facilitate the reader’s understanding.
In principle, the body of the report:
• presents the information from your research, both real world and theoretical, or your design
• organises information logically under appropriate headings
• conveys information in the most effective way for communication:
o Uses figures and tables.
o Can use bulleted or numbered lists, but the bulk should be paragraphs made up of
full sentences.
o Can use formatting to break up large slabs of text.
Conclusion
The Conclusion section provides an effective ending to your report; thus, it needs to be written in a
concise manner. The content should relate directly to the aims of the project as stated in the
Introduction and sum up the essential features of your work.
In brief, the Conclusion section needs to:
• summarise the main ideas that have been established in the body of the report
• recap key findings
• finish the narrative of the report
• state to what extent you have achieved your aims
• give a summary of the key findings or information in your report
• highlight the major outcomes of your investigation and their significance.
Therefore, the Conclusion section must not:
• include any new information or ideas
• simply indicate whether you have achieved your aims.
Reference list
Citing and referencing
You need to reference all source materials referred to in the report using the APA 6th referencing
style as required by FIT. The two parts to referencing are:
• citations in the text of the report
• references in the reference list.
A citation shows that information comes from another source. The reference list gives the details of
these sources. You need to use in-text citations and provide details in the references section when:
• you incorporate information from other sources, e.g.:
o factual material
o graphs and tables of data
o pictures and diagrams
• you quote word-for-word from another work (when you do this the page number must be
given in the in-text citation).
Appendices
An appendix (appendices in the plural) consists of any supporting evidence which is not possible to
include in the body of the report, for example raw data, detailed drawings, coding, or calculations.
The conventions for appendices are as follows:
• each appendix must be given a number (or letter) and title.
• each appendix must be referred to by number (or letter) at the relevant point in the text.
Network Monitoring System Reports
IPHost Network Monitor provides various group and detailed reports and graphs, as well as logs. The
monitoring system reports contain information necessary to trace resource utilization trends and to
plan upgrades; besides, reports and logs provide the possibility to trace the results over a certain
time. Also, the reports can be used as an accounting basis for the administrators’ work results.
There are two ways to access monitoring reports in IPHost Network Monitor:
Reports in Windows interface
The Windows UI (monitoring client) allows you to access detailed reports for monitors and summary
reports for groups and categories. A reporting period can be any number of days and hours until
now. The default report interval is 24 hours (one day) until current time. To adjust the report interval
for the Windows UI, select the Tools -> Settings menu or click the Settings button on the toolbar,
then select the Reporting tab and set the required number of days and hours.
Reports in Web interface
Apart from the Windows client UI, IPHost Network Monitor also has a Web interface. Its Reports tab
allows you to access additional types/forms of reports for any time interval. There are three panels: the
contents of the left panel completely duplicate the monitoring client Tree View pane, the upper
panel serves to select the report type and time interval, and the remaining space is reserved to display
the report itself. The Web interface copies the monitoring client behaviour: if a link within a report is
clicked, then the report corresponding to this link is loaded, and the focus switches to the
corresponding tree node (agent, host group, host or monitor) in the Tree View.
Report Types
The IPHost Network Monitor provides four report types.
Summary report for a host group, host, monitor type or the entire system
This report provides summary data on the availability and performance for a selected group of
monitors, host monitors, all the monitors of a selected monitor type or for the entire system. The
pseudograph shows when a given monitor was in problem states. A summary report for a Remote
Network Agent summarizes the problems for all hosts and resources in the remote network segment
and is useful to analyse and resolve them.
Summary report for a monitor
Although it has the same name it significantly differs in contents. The report presents detailed and
practically complete information on the monitor’s availability and performance over a period.
It contains a Performance Graph, summary data on the monitor’s availability and performance (for a
selected period and a previous period of the same duration), a state’s log (showing the state of the
monitor during a selected period) and states summary information (showing how much time the
monitor was in problem states and the percentage of the problem state time). For example, a traffic
monitor performance graph shows how incoming traffic volume is distributed in time and can help
you to optimize traffic-consuming processes on a given host.
Trend report
The report provides comparative data on a monitor availability and performance. For each monitor
you can see summary data for a selected period, for a previous period of the same duration and the
difference between them. You can use this report to identify short or long-term trends in the
monitors’ performance and availability.
It is useful to make sure the resource performance does not degrade in the course of time. For example,
a traffic speed monitor trend report might show that a host or subnet network utilisation should be
optimised due to daily increasing bandwidth consumption.
Problem report
Shows summary information on availability and performance problems that occurred during a specified
time interval.
This kind of report is intended to draw your attention to the problems the monitoring service
detected in your environment and to help you to resolve them. For example, repeating problems in
a subnet network performance may indicate hostile activity, like a malware attack.
Log
The log shows two kinds of messages for selected monitors:
• system messages (not monitor specific, shown in grey font)
• state changes and actions (the line is highlighted in the colour corresponding to a state).
The messages in the log are ordered chronologically. The Web interface Reports tab allows you to select
the log order by clicking the Order button on the upper panel.
The monitoring client shows logs for two days: yesterday and today. You can generate logs for any
time interval on the Web interface Reports tab.
Receiving scheduled reports by e-mail
IPHost Network Monitor can automatically send reports for the last
day/week/month for every monitor, host, host type or monitor type, and also for the entire system.
By default, IPHost Network Monitor sends a Summary report for the last day for the entire system to
the admin e-mail. You can specify additional addressees on the Settings -> Reporting tab.
You can configure sending reports for other entities (agent, host group, monitor type, host, or
monitor) on the entity Main Parameters tab in the monitoring client.
Other features description
Monitoring Features | Here you can find the list of monitor types supported in IPHost Network Monitor and a brief description of their parameters. |
Network Discovery | Helps you to create a basis for your monitoring configuration and automates the task of detecting network hosts and network services. |
Alerting Features | Here you can find the list of alert types (ways of reacting to the problems that happened during monitoring) available in IPHost Network Monitor, and their brief description. |
IPHost Network Monitor interfaces and structure | Here you can find an overview of IPHost Network Monitor components, Windows, and web interfaces. |
3.7 Review and monitor strategies and initiate corrective action where
required
Review and monitor Network traffic strategies
Network Performance Management helps with network traffic monitoring: reviewing, analysing and
managing network traffic for any abnormality or process that can affect
network performance, availability and/or security. Network traffic monitoring uses various tools and
techniques to study your computer network-based traffic.
When networks get busier, it is very common for the overall speed of these networks to slow down.
Many trends are becoming popular in IT infrastructure, such as increased use of
cloud servers, video, VoIP etc. All these trends put tremendous pressure on IT infrastructure
resources. When the stress on any network increases, it is very common for companies to
monitor network traffic with the help of network monitoring software.
The process is not only costly, but it is also effective only for a very short period. When you provide more
IT infrastructure resources to the network but do not try to reduce the pressure, in the end the
infrastructure will again face the same issues it was facing before the upgrade.
The best way to identify the kind of network traffic and its source is with NetFlow analysers. In
general terms, NetFlow is a feature that was first introduced in Cisco devices. It can collect IP-based
network traffic by monitoring the inflow and outflow of data. It helps the administrator keep a
check on the source and destination of the traffic, the class of service and the causes of congestion. It
makes it easier to understand the network traffic and manage it properly; as the quote from Peter
Drucker (Management Guru) goes, “What Gets Measured, Gets Managed”.
Why Network Admin Needs Network Traffic Monitoring
There are several justifiable reasons to monitor overall traffic on the network. The information
produced by the network traffic monitoring tools could be used in numerous IT operational and
security use cases, for example to find security vulnerabilities, troubleshoot network-related
issues and analyse the impact of new applications on the overall network.
However, an important note in this regard: not all tools for monitoring network traffic are the
same. Usually, they can be divided into two broad types: deep packet inspection tools and flow-based
tools. Within these two types, you have the choice of tools which do not need software
agents, tools which store historical data, and tools with intrusion detection systems
which monitor network traffic within the network as well as along the network edge.
Internal network visibility
Network flow monitoring software which supports protocols such as NetFlow, IPFIX, J-Flow, sFlow
etc. can provide complete visibility of internal network traffic. With this metadata, the IT department can
generate insightful reports about the following types of traffic:
• Traffic for Top Applications
• Traffic for Top Conversations
• Traffic Destinations with Host IP
• Top Traffic Sources with IP address
• Top Traffic Receivers with IP
• IP to IP Traffic
• Protocol Traffic
• Port Traffic
• Application Traffic
Identification of slow applications
Speed, or performance, plays an important role in user experience. One of the most frequently raised help desk
tickets is about an application (web application, Go-to-Meeting, Skype etc.) being slow or
crashing. There can be hundreds of reasons, of which only one or two will be relevant at any time.
Identifying the reason is not only time-consuming but costly as well. The next generation NetFlow
software can filter and report the accurate cause. By combining the internal data reports with the
external resources, the system administrator can learn a lot about the system and the faulty
network.
Detection of spyware and other hacks
When worms attack your network, they create very unusual data flows in and out. With the
help of NetFlow, these unusual patterns are easy to detect. If you are not using a data
analyser, these patterns often go unchecked, since they are designed to fool the human
administrator.
Most of these worms often cause non-financial problems by creating a bad image for the company.
However, in some cases, the effect of these worms can include high rates of financial loss as well.
Detection of outflow of personal information of clients
This point is especially applicable to companies that deal in Payment Gateways or the Payment Card
Industry. A good payment gateway never lets the personal information of the client leak
out of its system. In a hack, such information may start flowing out, which is instantly reported by
the NetFlow software.
Departmental bandwidth usage
If you are worried about the overall usage of the network and unable to find out which department
is using the data flow in a massive amount, NetFlow can come in handy. It can track and point out IPs
and devices which are using the network resources. The administration can take proper action to
reduce the pressure on the network then.
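The reports and checks described in the subsections above (top sources and conversations, port traffic, departmental usage, unusual outflow) can be sketched over exported flow records. This is an added example, not code from NetFlow or from any product named in this guide; the flow records, department subnets, per-host baseline and the 5x threshold are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed flow records (not from a real network):
# (source IP, destination IP, destination port, protocol, bytes)
FLOWS = [
    ("10.1.10.21", "10.1.30.5",    445, "tcp",  4_200_000),
    ("10.1.10.21", "203.0.113.40", 443, "tcp",    900_000),
    ("10.1.20.14", "10.1.30.5",    443, "tcp",  1_500_000),
    ("10.1.20.14", "198.51.100.9", 443, "tcp", 52_000_000),
    ("10.1.20.33", "203.0.113.40", 443, "tcp",    700_000),
    ("10.1.10.21", "10.1.30.5",    445, "tcp",  2_300_000),
    ("10.1.20.33", "10.1.30.8",     53, "udp",     40_000),
]

# Hypothetical department-to-subnet mapping and internal address range.
DEPARTMENTS = {
    "engineering": ipaddress.ip_network("10.1.10.0/24"),
    "finance": ipaddress.ip_network("10.1.20.0/24"),
}
INTERNAL = ipaddress.ip_network("10.0.0.0/8")

# Constructed baseline: bytes each host normally sends to external
# addresses in one reporting interval.
OUTBOUND_BASELINE = {
    "10.1.10.21": 1_000_000,
    "10.1.20.14": 2_000_000,
    "10.1.20.33": 800_000,
}


def top_sources(flows, n=3):
    """Top traffic sources by total bytes sent."""
    totals = Counter()
    for src, _dst, _port, _proto, nbytes in flows:
        totals[src] += nbytes
    return totals.most_common(n)


def top_conversations(flows, n=3):
    """IP-to-IP traffic; both directions of a pair count as one conversation."""
    totals = Counter()
    for src, dst, _port, _proto, nbytes in flows:
        totals[tuple(sorted((src, dst)))] += nbytes
    return totals.most_common(n)


def port_traffic(flows):
    """Bytes per (protocol, destination port)."""
    totals = Counter()
    for _src, _dst, port, proto, nbytes in flows:
        totals[(proto, port)] += nbytes
    return dict(totals)


def usage_by_department(flows, departments):
    """Bytes sent per department, attributed by the source address only."""
    totals = {name: 0 for name in departments}
    for src, _dst, _port, _proto, nbytes in flows:
        addr = ipaddress.ip_address(src)
        for name, net in departments.items():
            if addr in net:
                totals[name] += nbytes
    return totals


def outbound_outliers(flows, internal, baseline, factor=5):
    """Internal hosts sending far more data to external addresses than usual."""
    sent = Counter()
    for src, dst, _port, _proto, nbytes in flows:
        if (ipaddress.ip_address(src) in internal
                and ipaddress.ip_address(dst) not in internal):
            sent[src] += nbytes
    flagged = []
    for host, nbytes in sent.items():
        expected = baseline.get(host)
        # A host with no baseline is reported too: it has no known-normal level.
        if expected is None or nbytes > factor * expected:
            flagged.append((host, nbytes, expected))
    return sorted(flagged)


if __name__ == "__main__":
    print("Top sources:", top_sources(FLOWS))
    print("Top conversations:", top_conversations(FLOWS, 2))
    print("Port traffic:", port_traffic(FLOWS))
    print("By department:", usage_by_department(FLOWS, DEPARTMENTS))
    print("Outbound outliers:", outbound_outliers(FLOWS, INTERNAL, OUTBOUND_BASELINE))
```

A fixed multiple of a baseline is the simplest possible outlier rule; it will miss slow leaks that stay under the threshold, so the reporting interval and factor need tuning per network.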
Self-assessment
Question 1: What is a contingency plan?
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
Question 2: List the network monitoring tools.
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
Chapter 4. Detect and take action on traffic congestion
The chapter is going to discuss the following points in detail:
• Measure and analyse traffic loads to assess congestion problems and determine possible
impact
• Control traffic flow and prevent processor overloads
• Evaluate potential traffic increases for impact on the network and develop contingencies to
control traffic flow if required
4.1 Measure and analyse traffic loads to assess congestion problems and
determine possible impact
Measure and analyse traffic loads
What is Throughput?
Throughput is the actual capacity of a system to send data to another, counting additional factors.
In other words, it is the exact amount of data passing through the media from point A to point B in a
determined amount of time.
When referring to communications, network throughput is the rate of message delivery over a single
channel.
Throughput shows its results as an average and uses “data units per time” metrics such as bits per
second “bps” or packets per second “pps.”
Although the concept of throughput is similar to bandwidth, they are not the same.
How is Bandwidth different than Throughput?
Bandwidth is the Total Capacity of a system to send data to another over a single media.
It is like the size of the pipe or the highway, two lanes, three lanes, 50 lanes, etc.
The concept relates to perfect and theoretical conditions.
But in real life, it is affected by countless factors, such as:
• Traffic load
• Packet loss
• Delay
• Hardware power
• Cabling
• Bit errors on the interface
• RF interference
• Encryption/Decryption
• CSMA/CA, and many more
When all these factors are added up, bandwidth turns into throughput.
In common practice, the actual throughput should be at least 50% (or more) of the total bandwidth.
Throughput vs Connection Speed
Throughput is often confused with bandwidth and in worst cases with Internet Speed.
When you buy an Internet connection at a certain speed, you are theoretically getting a specific
bandwidth connection.
But in real life, you will be affected by other factors and will end up getting the throughput.
Internet Speed is a general term, that refers to the amount of data transferred per second through a
specific connection.
A good example is AT&T’s Internet Fibre connection offers. To get the 1000Mbps speed, the ISP will
likely install powerful network devices, optical cabling, and open a wider bandwidth connection.
The concept of “Internet Connection Speed” is often used by marketers or sales representatives and
is used by default to mean throughput, which is the actual rate of packet delivery over a specific
medium.
In the following speed test performed on speedtest.net, the total connection speed (100Mbps)
provided by AT&T was reduced to about 80%, which is not bad.
According to Speedtest from Ookla, the result of this test is an accurate measurement of HTTP
throughput between the web server and the client.
But speed test results such as this one will vary when you do the same test on different devices, at
different times, and over various media. Not only the ISP will be a bottleneck, but also your
infrastructure.
It is critical to measure network throughput with precision to guarantee that the SLA (Service-Level
Agreement) between provider and client is being met and to make the network ready for any
regulatory compliance.
Network Throughput Software & Tools Testing & Measuring Bandwidth
Network administrators and Engineers use throughput as a metric to indicate the performance and
health of a network connection. Instead of thinking in terms of bandwidth, they use throughput to
see the real number of bits or packets delivered from one network device to another.
• Network Bandwidth Analyzer Pack from SolarWinds
• IxChariot
• LAN Speed Test from TotuSoft
• Iperf3
• TamoSoft Throughput Test
• NetStress
For more info refer to the previous chapter.
4.2 Control traffic flow and prevent processor overloads
Control network traffic
Network traffic control is the process of controlling bandwidth usage and managing your network
traffic to prevent unexpected traffic spikes and bottlenecks. Increases in video and VoIP traffic as
well as network speeds over the years have made networks more complex than ever, increasing the
need for total control over your network traffic to keep your network up and running without any
hiccups.
This helps you detect bandwidth hogs and possible traffic spikes well in advance and remediate
them before they damage your network performance. The benefits of comprehensive network
traffic control software include:
• Complete visibility
• Improved quality of service
• Proactive discovery of security threats
• Predicting and preventing bandwidth bottlenecks
• Network traffic flow
Network traffic flows
Network traffic flows (flows) are useful for building a coarse-grained understanding of traffic on a
computer network, providing a convenient unit for the measurement and/or treatment of traffic.
Flows can be measured to understand what hosts are talking on the network, with details of
addresses, volumes, and types of traffic. This view of the network can be useful for troubleshooting,
detecting security incidents, planning, and billing.
But what exactly is a flow, and how is it defined?
This question sounds trivial to answer; however, when we dig deeper, we find nuances and corner
cases that make flows interesting, and ultimately difficult to define.
Background
To truly understand flows, we need to start with some background.
Networks started out as circuit switched. When a host wanted to communicate with another host, it
asked the network to set up a circuit. After the information flow had finished, the circuit was torn
down.
NetFlow Analyzer helps you control network traffic
NetFlow Analyzer is a bandwidth and network traffic management and network traffic control tool
that leverages flow technology to monitor network traffic. It efficiently monitors every single flow
and activity in your network, helping you get the visibility you need to gain bandwidth control.
Besides monitoring your bandwidth and network traffic, NetFlow Analyzer analyses this information
to identify traffic patterns, top applications, and bandwidth hogs.
NetFlow Analyzer helps you keep tabs on availability, utilization, and downtime by letting you set
threshold-based alerts that can be further classified based on severity.
It also doubles up as a threat detection system helping you detect intruders and both internal and
external security threats ranging from distributed denial-of-service (DDoS) attacks to zero-day
intrusions.
With the Continuous Stream Mining Engine™ technology, NetFlow Analyzer’s Advanced Security
Analytics Module (ASAM) classifies threats and intrusions based on type and severity to tackle them
in real time.
NetFlow Analyzer helps you predict and plan bandwidth usage trends, traffic spikes, and application
growth. NetFlow Analyzer’s Forecast report foresees traffic spikes and anomalies, and its Capacity
Planning report analyses traffic patterns and application growth to give you a clear picture of your
bandwidth needs.
These reports can be custom generated, scheduled, and exported for any interface, IP group, or
access point in your network.
Traffic shaping with a network traffic controller
One of the biggest challenges in managing growing networks is ensuring each application and device
has its required share of bandwidth. Managing your policies by employing traffic shaping techniques
will help make sure links aren’t overutilized to the point of congestion and ensure high priority for
business-critical apps.
The importance of traffic shaping has increased greatly with the rise in use of VoIP and video,
especially since media traffic is highly sensitive to network issues and even minor issues that may
not affect other applications can have dramatic effects on voice/video quality.
Traffic shaping is the process of delaying or blocking specific packet groups or traffic to optimize
overall performance. It is a bandwidth management technique that involves bandwidth limiting,
prioritizing users/apps, and configuring quality of service (QoS), and is the most important step to
help you exercise complete control over your network.
It helps you get the most out of your bandwidth by meeting specific requirements of your
organization. It helps:
• Limit bandwidth to curb use of non-essential applications hogging bandwidth, and prioritize
mission-critical traffic
• Sustain normal network availability during spikes and bottlenecks so users are not affected
• Meet service-level agreements
• Retain enough bandwidth for voice and video transmission for better quality of experience
(QoE)
NetFlow Analyzer uses QoS and the Service Policy to create class-based criteria and reconfigure
policies to help ensure your business-critical applications are prioritized.
QoS management and traffic shaping is not a one-time process and has to be periodically monitored
and adjusted to ensure consistent network performance. NetFlow Analyzer uses Cisco CBQoS to
monitor and validate the performance of your policy changes and their effectiveness to gain control
over apps hogging bandwidth, which can drain your network.
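To make "delaying or blocking specific packet groups" concrete, the added example below simulates a shaper that sends voice packets first and limits bulk traffic with a token bucket. It is not code from NetFlow Analyzer or Cisco CBQoS; the token bucket is a standard shaping algorithm that this guide does not name, and the link capacity, rates, queue limit and packet arrivals are constructed assumptions.

```python
from collections import deque


class TokenBucket:
    """Credit-based rate limiter: sending a packet spends credit (tokens)."""

    def __init__(self, rate, burst):
        self.rate = rate      # bytes of credit added per tick
        self.burst = burst    # maximum credit that can accumulate
        self.tokens = burst   # start with a full bucket

    def refill(self):
        self.tokens = min(self.burst, self.tokens + self.rate)

    def try_consume(self, size):
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False


# Constructed arrivals: {tick: [(packet id, traffic class, size in bytes), ...]}
ARRIVALS = {
    0: [("b1", "bulk", 1500), ("b2", "bulk", 1500), ("v1", "voice", 200)],
    1: [("v2", "voice", 200), ("b3", "bulk", 1500),
        ("b4", "bulk", 1500), ("b5", "bulk", 1500)],
    2: [("v3", "voice", 200)],
}


def shape(arrivals, link_capacity, bulk_bucket, max_bulk_queue, ticks):
    """Simulate the shaper for a number of ticks.

    Returns (departures, dropped): departures maps packet id to the tick in
    which it left; dropped lists the ids blocked because the bulk queue was full.
    """
    voice, bulk = deque(), deque()
    departures, dropped = {}, []
    for tick in range(ticks):
        for pid, traffic_class, size in arrivals.get(tick, []):
            if traffic_class == "voice":
                voice.append((pid, size))
            elif len(bulk) < max_bulk_queue:
                bulk.append((pid, size))      # delayed until credit allows
            else:
                dropped.append(pid)           # queue full: packet is blocked
        budget = link_capacity                # bytes the link can carry this tick
        # Strict priority: voice is served before any bulk packet.
        while voice and voice[0][1] <= budget:
            pid, size = voice.popleft()
            budget -= size
            departures[pid] = tick
        # Bulk needs both link budget and token-bucket credit.
        while (bulk and bulk[0][1] <= budget
               and bulk_bucket.try_consume(bulk[0][1])):
            pid, size = bulk.popleft()
            budget -= size
            departures[pid] = tick
        bulk_bucket.refill()
    return departures, dropped


def run_demo():
    """3000 B/tick link; bulk limited to 1000 B/tick with a 1500 B burst."""
    return shape(ARRIVALS, 3000, TokenBucket(1000, 1500), 3, 8)


if __name__ == "__main__":
    departures, dropped = run_demo()
    for pid in sorted(departures, key=lambda p: (departures[p], p)):
        print(f"{pid} left in tick {departures[pid]}")
    print("dropped:", dropped)
```

Every voice packet leaves in the tick it arrives, while bulk packets are spread out to one every second tick and the packet that finds the bulk queue full is dropped.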
Circuit-switched networks have their heritage in phone networks. They have several drawbacks,
including poor scalability and low capacity utilisation.
An alternative was needed to build what ultimately became the Internet – packet-switched
networks. Messages are chopped up into variable sized pieces that are individually addressed and
sent as packets across the network.
The receiving host reassembles the payload from the packets back into the message. Note: packets
can also contain control information, such as flow control, and paths do not have to be symmetric.
Defining flows in a circuit-switched network is easy as the circuit is a flow and follows a protocol to
establish and decommission (circuit = flow); however, in a packet switched network things are less
obvious.
Imagine for a second that you are at observation point A in the circuit-switched network of Figure 1,
you would see:
Two flows would be observed – circuits between hosts 3 & 4 and hosts 5 & 6. Observing flows in a
circuit-switched network is relatively easy because the network is involved in setting up the circuits,
so knows their state, and the endpoints.
Imagine now that you are at observation point A in the packet-switched network of Figure 2 instead,
you would see:
Suddenly things are less clear. There is a packet coming in from Host 5 destined for Host 6. Assuming
we observe for a period, we see more packets arrive and depart. Observing flows on a packet-switched
network takes time and requires recording and analysing packet information.
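The recording and analysis described above can be sketched as follows: packets seen at the observation point are grouped into flows by their 5-tuple, and a flow is closed once it has been idle for too long. This is an added example, not code from this guide or from any flow exporter; the packet list, the addresses standing in for hosts 3 to 6, and the 15-second idle timeout are constructed assumptions.

```python
from dataclasses import dataclass

IDLE_TIMEOUT = 15.0  # seconds without packets before a flow is closed (assumed)


@dataclass
class Flow:
    key: tuple          # (src IP, src port, dst IP, dst port, protocol)
    first_seen: float
    last_seen: float
    packets: int = 0
    octets: int = 0


# Constructed packets seen at observation point A:
# (timestamp, src IP, src port, dst IP, dst port, protocol, length in bytes)
PACKETS = [
    (0.00, "10.0.0.5", 40001, "10.0.0.6", 80, "tcp", 60),
    (0.02, "10.0.0.6", 80, "10.0.0.5", 40001, "tcp", 60),
    (0.05, "10.0.0.5", 40001, "10.0.0.6", 80, "tcp", 520),
    (0.40, "10.0.0.3", 5353, "10.0.0.4", 53, "udp", 80),
    (0.90, "10.0.0.6", 80, "10.0.0.5", 40001, "tcp", 1500),
    (30.0, "10.0.0.3", 5353, "10.0.0.4", 53, "udp", 80),
]


def assemble_flows(packets, idle_timeout=IDLE_TIMEOUT):
    """Group packets into unidirectional flows keyed by the 5-tuple.

    Unlike a circuit, a packet flow has no set-up or tear-down signal that
    the network takes part in, so the end of a flow is inferred: a gap
    longer than idle_timeout closes the old flow and the next packet with
    the same key starts a new one.
    """
    active = {}
    finished = []
    for ts, src, sport, dst, dport, proto, length in sorted(packets):
        key = (src, sport, dst, dport, proto)
        flow = active.get(key)
        if flow is not None and ts - flow.last_seen > idle_timeout:
            finished.append(active.pop(key))
            flow = None
        if flow is None:
            flow = active[key] = Flow(key, ts, ts)
        flow.last_seen = ts
        flow.packets += 1
        flow.octets += length
    finished.extend(active.values())  # flows still open when observation ends
    return sorted(finished, key=lambda f: (f.first_seen, f.key))


def conversations(flows):
    """Merge the two directions of each exchange into one conversation.

    Returns {(endpoint_a, endpoint_b, protocol): (packets, octets)}, where
    the endpoints are (IP, port) pairs in sorted order.
    """
    merged = {}
    for f in flows:
        src, sport, dst, dport, proto = f.key
        ends = tuple(sorted([(src, sport), (dst, dport)])) + (proto,)
        pkts, octets = merged.get(ends, (0, 0))
        merged[ends] = (pkts + f.packets, octets + f.octets)
    return merged


if __name__ == "__main__":
    flows = assemble_flows(PACKETS)
    for f in flows:
        print(f.key, f.first_seen, f.last_seen, f.packets, f.octets)
    for ends, (pkts, octets) in conversations(flows).items():
        print(ends, pkts, octets)
```

The same six packets yield four flows with a 15-second timeout and three with a 60-second timeout, which is one of the corner cases that make a flow hard to define.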
Control Network Traffic
The primary purpose of your browser is to control how network traffic flows in and out of your network.
To enable your Firebox to control this traffic, you configure settings to:
• Create security policies on your Firebox that identify and authenticate users
• Specify rules that allow or deny traffic through the Firebox, based on the traffic source or
destination, and type of traffic
• Use threat protection to protect your networks and users from attacks and harmful data
How to configure your browser to control network traffic?
User Authentication
User authentication is a process that determines whether users are who they claim to be, and
verifies the privileges assigned to users. When you require users to authenticate, you can create
policies specific to traffic from specific users and groups, and you can see user names in log
messages and reports for better visibility into the traffic generated by users on your network.
Policies
The security policy of your organization is a set of definitions to protect your computer network and
the information that goes through it. When you add a policy to your Firebox configuration file, you
add a set of rules that tell the Firebox to allow or deny traffic based upon factors such as source and
destination of the packet or the TCP/IP port or protocol used for the packet.
Proxies
Configure proxy policies, packet filters, and application layer gateways (ALGs) to control network
traffic and apply your organization’s security policies. Firmware supports proxy policies for many
common protocols, including DNS, Explicit Proxy, FTP, H.323, HTTP, HTTPS, POP3, IMAP, SMTP, SIP,
and TCP-UDP. For more information on a proxy policy, see the section for that policy.
Traffic Management and QoS
Traffic Management enables you to set the maximum bandwidth available for different types of
traffic, and to guarantee a minimum amount of bandwidth for specific traffic flows.
Use QoS to guarantee or limit bandwidth, control the rate, and prioritize how the Firebox sends
packets to the network.
Default Threat Protection
Use Default Threat Protection to examine the source, destination, and port of each packet and look
for patterns that show your network is at risk and actively protect your network from attacks.
4.3 Evaluate potential traffic increases for impact on the network and
develop contingencies to control traffic flow if required
Contingency plan to control traffic flow
A contingency plan should include system redundancy to increase the fault tolerance of the security
system, such as network redundancy, so that if there is a fault with any part of the link it should
be possible for the data to find an alternate path, and hardware redundancy, so that it is possible to
switch on the failover server.
Best practices to prevent VMS threats and failures
Hardware Failure
All devices and components that face either mechanical or thermal stresses should be expected to
experience partial or total failures at some point in their life cycle, especially if they operate for
extended periods of time, in harsh environments or are subjected to frequent power outages. Heat,
dust, and moisture can badly affect the system performance.
Electrical devices need to be properly cooled and ventilated to keep them functional in the long
term. Regular cleaning is also advised to keep the accumulation of dust to a minimum. Unused
connection ports should also be kept dust free and protected with covers, where possible.
The use of RAID technology can improve fault tolerance, ensure better overall performance, and
increase the available storage capacity that can be used in a reliable way. A failover solution can
prevent your system from going down in case of a server failure.
Hardware and software updates and necessary upgrades should be conducted on a regular basis.
Network disconnection
A network connection could fail for different reasons:
• Faulty network interface card
• Faulty network port
• Network settings configured incorrectly
A properly designed network architecture ensures maximum functionality and availability for data
communication. A well-planned architecture can also scale easily, for future system expansion.
It is highly recommended for security organisations to consult with ICT staff on how to develop
fault-tolerant network architectures for specific environments.
Cameras and users should be either physically or logically separated from each other using separate
switches or Virtual LANs to minimise the bandwidth consumption. For the same reason, recording
servers need two connections to the system, one for cameras and the other for the client PC.
Security system breaches
Security breaches happen when a security policy, procedure or system is violated. A surveillance
system is often a target for vandalism, sabotage, and attempts to hijack video footage. In order
to prevent these threats, keep the servers in a locked room or cabinet and allow access to
authorised staff only. Set user authorisation and specific user rights to control data access. Use
strong passwords and, in some cases, configure a dual password to make it harder for potential
intruders to gain access to the system.
Self-assessment
Question 1: What is throughput?
Question 2: What is network traffic flow?
Chapter 5. Provide traffic indicators for capacity planning
The chapter is going to discuss the following points in detail:
• Predict future potential traffic trends and requirements using data on current and historical
traffic patterns
• Identify potential network traffic problems and make recommendations to network planners
• Complete reports with recommendations and forward to relevant personnel
5.1 Predict future potential traffic trends and requirements using data on
current and historical traffic patterns
5.2 Identify potential network traffic problems and make
recommendations to network planners
Potential network traffic problems
Outdated or non-compatible hardware
Every so often, your network team will have to upgrade network capacity and speeds to match your
enterprise’s demands. If your team does not upgrade its hardware along with it, you could be
opening the door to bottlenecks. Whenever possible, your team should upgrade your switches,
servers, routers, etc. to have the most optimal hardware layout.
This also extends to wire and cable connections between devices. Ethernet cables, for example, have
different categories that determine their maximum data speed. If your Ethernet cables are not able
to handle the data speeds your network requires, they can slow down your network tremendously.
Too many devices
Every network has a specific level of capacity that it can handle. This capacity puts a limit on how
much bandwidth and traffic your network can deal with before it begins to affect performance. (This
is assuming that all the data is healthy and is not hurting performance itself.) If there are too many
devices connected to the network, then the network might become overloaded with requests for
data. Your NPM will inform you if there are more devices than your network is equipped to deal
with.
Bandwidth hogs
A bandwidth hog is a device or user that, either accidentally or on purpose, consumes much more
data than other devices. Depending on the device/user, the difference between average data usage
and the hog’s usage can be minor or significant. Regardless, an NPM can tell you when a device is
draining bandwidth above the expected level. Some NPMs allow you to monitor bandwidth usage in
real-time, meaning you can detect when a bandwidth hog is using resources.
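The check an NPM performs here can be reproduced over exported flow records. The following is an added example, not part of the original guide: it totals bytes per device and flags any device far above the expected (median) level. The flow records, device addresses and both thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: (device, bytes) per flow record for one interval.
SAMPLE_FLOWS = [
    ("10.0.1.11", 120_000_000), ("10.0.1.12", 95_000_000),
    ("10.0.1.13", 110_000_000), ("10.0.1.14", 4_800_000_000),
    ("10.0.1.11", 60_000_000), ("10.0.1.15", 130_000_000),
    ("10.0.1.16", 105_000_000), ("10.0.1.14", 2_100_000_000),
]


def bytes_per_device(flows):
    """Sum the bytes of every flow record by source device."""
    totals = defaultdict(int)
    for device, nbytes in flows:
        totals[device] += nbytes
    return dict(totals)


def find_bandwidth_hogs(flows, threshold=3.5, fallback_ratio=5.0):
    """Return [(device, total_bytes, share_of_traffic)] for outlier devices.

    The expected level is the median usage and the spread is the median
    absolute deviation (MAD). Both are robust, so one heavy device cannot
    raise the baseline it is judged against. threshold and fallback_ratio
    are assumptions to tune per network.
    """
    totals = bytes_per_device(flows)
    if len(totals) < 3:
        return []  # too few devices to establish an expected level
    values = list(totals.values())
    expected = median(values)
    mad = median([abs(v - expected) for v in values])
    grand_total = sum(values)

    hogs = []
    for device, total in totals.items():
        if mad > 0:
            # Modified z-score; 0.6745 scales MAD to a standard deviation.
            is_hog = 0.6745 * (total - expected) / mad > threshold
        else:
            # Most devices use identical amounts: fall back to a ratio test.
            is_hog = expected > 0 and total > fallback_ratio * expected
        if is_hog:
            hogs.append((device, total, round(total / grand_total, 3)))
    return sorted(hogs, key=lambda h: h[1], reverse=True)


if __name__ == "__main__":
    for device, total, share in find_bandwidth_hogs(SAMPLE_FLOWS):
        print(f"{device}: {total / 1e9:.2f} GB ({share:.1%} of traffic)")
```

A flagged device is a starting point for investigation: the same spike can come from a backup job, a misconfigured client, or unauthorised data transfer.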
Poor network design and subnets
Sometimes, the congestion is the fault of how your network is designed. Your network layout needs
to be optimized to ensure every part of your network is connected, but also to maximize
performance across every area of coverage. When you divide your network into subnets, it should
be done to accommodate for the devices you know will be on the network. That is, subnets should
be designed around devices permanently connected to the network. If there is an area where you
know a lot of devices will be demanding data, that subnet should be sized appropriately.
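Sizing subnets around the devices known to be permanently connected can be worked through as follows. This is an added example, not part of the original guide: it carves variable-length subnets out of one address block, largest demand first. The 192.168.10.0/24 block, the segment names, the device counts and the 25% growth headroom are constructed assumptions.

```python
import ipaddress
import math

# Constructed demand: permanently connected devices expected per segment.
SAMPLE_DEMAND = {"cameras": 90, "clients": 40, "servers": 6}


def prefix_for_devices(devices, growth=0.25):
    """Longest IPv4 prefix whose usable hosts cover devices plus headroom."""
    # +2 reserves the network and broadcast addresses of the subnet.
    needed = math.ceil(devices * (1 + growth)) + 2
    host_bits = max(2, (needed - 1).bit_length())
    return 32 - host_bits


def allocate_subnets(supernet, demand, growth=0.25):
    """Allocate one subnet per segment from supernet, largest demand first.

    Returns {segment: IPv4Network}. Raises ValueError when the block cannot
    hold every segment, which is itself a capacity-planning finding.
    """
    free = [ipaddress.ip_network(supernet)]
    plan = {}
    for name, devices in sorted(demand.items(), key=lambda kv: -kv[1]):
        want = prefix_for_devices(devices, growth)
        fits = [n for n in free if n.prefixlen <= want]
        if not fits:
            raise ValueError(f"no room left in {supernet} for {name}")
        # Take the smallest free block that fits, lowest address first,
        # so large blocks stay available for later growth.
        block = max(fits, key=lambda n: (n.prefixlen, -int(n.network_address)))
        free.remove(block)
        subnet = next(block.subnets(new_prefix=want))
        plan[name] = subnet
        free.extend(block.address_exclude(subnet))  # return the remainder
    return plan


def utilisation(plan, demand):
    """Fraction of usable host addresses each segment would occupy today."""
    return {
        name: round(demand[name] / (net.num_addresses - 2), 3)
        for name, net in plan.items()
    }


if __name__ == "__main__":
    plan = allocate_subnets("192.168.10.0/24", SAMPLE_DEMAND)
    for name, used in utilisation(plan, SAMPLE_DEMAND).items():
        print(f"{name:8} {str(plan[name]):18} {used:.0%} used")
```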
Ways to reduce network congestion
• Monitor Your Network Traffic.
• Network Segmentation.
• Use a Content Delivery Network.
• Reconfigure TCP/IP Settings.
• Backpressure Routing.
• Choke Packet.
• Implicit Congestion Notification.
• Explicit Congestion Notification.
For more information, refer to the previous chapters.
5.3 Complete reports with recommendations and forward to relevant
personnel
Report
A report is a document that presents information in an organized format for a specific audience and
purpose. Although summaries of reports may be delivered orally, complete reports are almost
always in the form of written documents.
How to complete a report on network traffic indication
Step 1: Decide on the ‘Terms of reference’
To decide on the terms of reference for your report, read your instructions and any other
information you’ve been given about the report, and think about the purpose of the report:
• What is it about?
• What exactly is needed?
• Why is it needed?
• When do I need to do it?
• Who is it for, or who is it aimed at?
This will help you draft your Terms of reference.
Step 2: Decide on the procedure
This means planning your investigation or research, and how you’ll write the report. Ask yourself:
• What information do I need?
• Do I need to do any background reading?
• What articles or documents do I need?
• Do I need to contact the library for assistance?
• Do I need to interview or observe people?
• Do I have to record data?
• How will I go about this?
Answering these questions will help you draft the procedure section of your report, which outlines
the steps you’ve taken to carry out the investigation.
Step 3: Find the information
The next step is to find the information you need for your report. To do this you may need to read
written material, observe people or activities, and/or talk to people.
Make sure the information you find is relevant and appropriate. Check the assessment requirements
and guidelines and the marking schedule to make sure you’re on the right track. If you’re not sure
how the marks will be assigned, contact your lecturer.
What you find out will form the basis, or main body, of your report – the findings.
Step 4: Decide on the structure
Reports generally have a similar structure, but some details may differ. How they differ usually
depends on:
• The type of report – if it is a research report, laboratory report, business report, investigative
report, etc.
• How formal the report has to be.
• The length of the report.
Depending on the type of report, the structure can include:
• A title page.
• Executive summary.
• Contents.
• An introduction.
• Terms of reference.
• Procedure.
• Findings.
• Conclusions.
• Recommendations.
• References/Bibliography.
• Appendices.
The sections of a report usually have headings and subheadings, which are usually
numbered.
Step 5: Draft the first part of your report
Once you have your structure, write down the headings and start to fill these in with the information
you have gathered so far. By now you should be able to draft the terms of reference, procedure and
findings, and start to work out what will go in the report’s appendix.
Findings
The findings are the result of your reading, observations, interviews and investigation. They form the
basis of your report. Depending on the type of report you are writing, you may also wish to include
photos, tables or graphs to make your report more readable and/or easier to follow.
Appendices
As you are writing your draft, decide what information will go in the appendix. These are used for
information that:
• is too long to include in the body of the report, or
• supplements or complements the information in the report. For example, brochures,
spreadsheets or large tables.
Step 6: Analyse your findings and draw conclusions
The conclusion is where you analyse your findings and interpret what you have found. To do this,
read through your findings and ask yourself:
• What have I found?
• What’s significant or important about my findings?
• What do my findings suggest?
For example, your conclusion may describe how the information you collected explains why the
situation occurred, what this means for the organisation, and what will happen if the situation
continues (or doesn’t continue).
Don’t include any new information in the conclusion.
Step 7: Make recommendations
Recommendations are what you think the solution to the problem is and/or what you think should
happen next. To help you decide what to recommend:
• Reread your findings and conclusions.
• Think about what you want the person who asked for the report to do or not do;
what actions should they carry out?
• Check that your recommendations are practical and are based logically on your conclusions.
• Ensure you include enough detail for the reader to know what needs to be done and who
should do it.
Your recommendations should be written as a numbered list, and ordered from most to least
important.
Step 8: Draft the executive summary and table of contents
Some reports require an executive summary and/or list of contents. Even though these two sections
come near the beginning of the report you won’t be able to do them until you have finished it, and
have your structure and recommendations finalised.
An executive summary is usually about 100 words long. It tells the readers what the report is about,
and summarises the recommendations.
Step 9: Compile a reference list
This is a list of all the sources you’ve referred to in the report and uses APA referencing.
Step 10: Amend your draft report
It is always important to re-examine your work. Things you need to check include:
• Whether you have done what you were asked to do. Check the assignment question, the
instructions/guidelines and the marking schedule to make sure.
• That the required sections are included and are in the correct order.
• That your information is accurate, with no gaps.
• Whether your argument is logical. Does the information you present support your conclusions and
recommendations?
• That all terms, images and abbreviations used have been explained.
• That any graphs, tables, charts and outlines are numbered and labelled.
• That the formatting is correct, including that your numbering and headings are consistent
throughout the report.
• That the report reads well, and your writing is as clear and effective as possible.
Ways to forward report to relevant personnel
• Upload your files to a cloud storage service, like Google Drive, Dropbox, or OneDrive, and
share them or email them to others
• Use file compression software, like 7-Zip
• Purchase a USB flash drive
• Use a free online service, like Jumpshare or Securely Send
• Use a VPN
1. Upload your files to a cloud storage space.
Using a cloud storage space like Google Drive, Dropbox, or OneDrive is one of the easiest and most
popular methods for sending large files. Depending on your email provider, you’ll likely be able to
use corresponding cloud storage like Google Drive for Gmail, or OneDrive for Outlook.com. If you’re
sending an attachment within a provider like Gmail, you’ll see the Google Drive button already
integrated. Simply press it, choose your file, and then send it like a regular attachment.
Alternatively, Dropbox allows you to upload large files and then send a web link via email or text to
your recipient. With Dropbox’s free tier, you’ll receive 2 GB of storage space. For $9.99 per month,
you can increase your storage to 1 TB.
2. Use file compression software, like 7-Zip.
If you have multiple files, you might consider using free compression software like 7-Zip, which can
compress an entire folder of files at once. Zip files in general support lossless data compression, and
are good for saving time and space while ensuring your files remain intact. Most operating systems
can extract Zip files easily, without additional software.
7-Zip is available for Windows, Mac and Linux. You can also provide a password for your files with
7-Zip, to ensure they’re safe to send online.
3. Purchase a USB flash drive.
If you want to collaborate on a project or video with a large storage size, you might consider
uploading it to a USB flash drive, which can range in size from 2 GB to 1 TB. This might allow you to
pass your files more easily between co-workers, or back your files up for additional protection. Best
of all, if you use a USB, you can take some strain off your computer, extending its data storage.
4. Use a free online service, like Jumpshare or Securely Send.
There are plenty of free online services that make uploading and sending large files both easy and
incredibly quick. Jumpshare, for instance, lets you send up to 250 MB worth of files with a free
account: simply upload a file or folder, and Jumpshare provides you with a link to share the files. Plus,
you can download the Jumpshare icon to your desktop. When you drag and drop files onto it, a link
will be copied to your clipboard, which you can send to anyone, even if they don’t have their own
Jumpshare account.
Securely Send is another fantastic option. You can send your files to an email recipient within
Securely Send’s platform: simply input an email, upload your file, and click “Send It”. Securely Send
lets you send 2 GB worth of files for free, and even lets you track deliverability, so you know when
your files have been received and reviewed.
5. Use a VPN
A VPN, or Virtual Private Network, is a service that protects your data and provides you with more
privacy when you’re online by routing your internet connection through a server. A VPN can protect
you from hackers, or even online ads, and is a secure option, particularly if you’re often using public
wi-fi.
Some internet service providers (ISPs) use broadband traffic management to moderate upload
bandwidth. If this is the case for your ISP, you can use a VPN, which will prevent your ISP from
recognising how large your files are, enabling you to send them.
However, this isn’t the best option in our list for two reasons: one, the large file could slow down
your VPN connection, and two, your files aren’t guaranteed to be intact upon delivery. To ensure a
high-quality delivery, you might want to try an alternative option, like a Zip compression.
Self-assessment
Question 1: How do you develop a contingency plan?
Question 2: What are potential network traffic problems?