"You can't manage what you can't measure" is a quotation that we often hear thrown around the business world by people who forget that organizations are populated by human beings who can be somewhat unpredictable as they are often respond in ways are governed by what Human Resources professionals call “hygiene factors”, in other words, unpredictable things driven by emotion and instinct. KPIs are not the only answer to management headaches. I’m not suggesting that data and statistics have no part to play in managing modern IT systems just because they are used by irrational and unruly human beings, what is important is the interpretation of the data and the best decisions are made when we have the maximum amount of information available at our fingertips.
So the starting point for any analysis of network activity is gathering good data and one of the best tools we have to help us with this is sFlow® which is an industry standard network and system monitoring technology. The role of sFlow is to streamline the collection and delivery of data that can be used as the foundation for better decisions and when linked to a management system it can drive the automation of policy deployment and threat mitigation.
Brocade was the first networking vendor to recognize the power of sFlow and has implemented it on a broad range of platforms from the latest ICX range of switches to the high-end MLXe terabit router to deliver packet sampling across a wide range of interface speeds from 10Mbps to 100Gbps. In all cases the implementation is in hardware and on chassis based systems such as the MLXe sFlow is embedded in the line cards thus guaranteeing the performance and scalability of the solution. This is particularly important when sFlow is being used to detect anomalies that could be the result of malicious activity. Humans might be unruly but their actions often create patterns that can be detected!
During a recent conversation with a customer the power of having sFlow data available in real-time was highlighted to me. During our discussions I had expressed surprise that in his network of over 400 access switches they were using 1GbE up-links and had no plans to upgrade to 10GbE, a few clicks on the management system revealed the reason why; “The up-link usage is typically less than 20% across the campus and the peaks are not much higher so we don’t see the need for 10G in the immediate future” he added “New applications may change that but I don’t see anything in the near future… oh look at that…” His voice tailed off as several icons flashed amber and red. A few more clicks revealed that someone had started a BitTorrent download which had been detected and the management system had responded by blocking their network port. “When the user calls to complain that their network connection has failed we can explain why and re-enable the port”. It was great to see someone who had the measure of their network and their user base so clearly captured by sFlow.
The quotation I opened with is often incorrectly attributed to the American statistician William Edwards Deming, what he actually said was “It is wrong to suppose that if you can’t measure it, you can’t manage it – a costly myth”. Measurement is just the start, interpretation of the data and follow on actions are vital but without good inputs and a strong understanding of the user dynamics it is impossible to make the right decisions.
sFlow is a vital component in delivering the information needed to run an efficient network. To learn more about getting started with sFlow take a look at the new best practice guide posted on the Brocade Communities pages sFlow® Traffic Monitoring in Brocade Campus Networks