Content Overview To effectively troubleshoot a network, a baseline must first be established. The baseline information will be included in the network documentation. This module discusses the basic requirements for establishing a baseline and creating a coherent set of network documentation. Some of the biggest challenges facing the IT world are the expenses incurred as a result of network outages. The negative impact of these expenses makes it a high priority of network professionals to be able to diagnose and correct a network problem as efficiently as possible. To assist in accomplishing this, a baseline must be established to provide a snapshot of the configuration of a network while it is performing at an acceptable level. Using baseline information as a standard reduces the time that a troubleshooter needs to spend learning about the structure and configuration of the network. It also helps troubleshooters know when they have reached the goal of returning the network to its baseline level. Without a baseline, troubleshooters have to make guesses and estimates about whether they have reached their goal. Troubleshooting in this manner is haphazard and inefficient.
Content 1.1 Network Baselining 1.1.1 Network baselining overview When networks are first designed and installed, user requirements are gathered, analyzed, and translated into a network topology that satisfies the user requirements. The user requirements may be further extended into network performance goals such as bandwidth utilization, network latency and delay, and collision and error thresholds. In order to validate and document that the goals were achieved, specialized network monitoring and data collection is required. The process of network monitoring and collecting data is called baselining. The interpretation of the collected data is called baseline, or performance, analysis. Baselining allows discovery of the true performance and operation of the network in terms of the policies that have been defined. Performance trends and faults may be identified by comparing future performance metrics to the baseline metrics. After identifying data of interest for a policy, baselining allows a snapshot of the current state of variables throughout the network. Establishing a baseline for a network provides answers to the following questions: The purpose of conducting a network baseline is to measure the initial performance and availability of critical network devices and links in order to compare them to future performance. The baseline allows a network administrator to determine the difference between abnormal behavior and proper network performance. It also provides insight into whether the current network design can deliver the required policies. The task of baselining can best be accomplished in large, complex networks, using sophisticated network management software with integrated remote monitoring network devices. In simpler networks, these data collection tasks may require a combination of hand collection of data, augmented with simple network protocol instectors like Fluke Protocol Inspector or other shareware utilities that can be downloaded from the Internet at sites such as http://www.statscout.com. Selected examples of tools that may be used for baselining are discussed in Module 2, “Troubleshooting Methodologies and Tools” . The collected data will reveal the true nature of congestion or potential congestion in a network. It may also reveal areas in the network that are underutilized. Analysis after an initial baseline tends to reveal hidden problems and quite often can lead to network redesign efforts based on quality and capacity observations. Another reason for conducting a baseline is that no two networks operate or behave the same way. Without a baseline, no standard exists to measure the optimum nature of network traffic and congestion levels. Establishing an initial baseline or conducting a performance monitoring analysis, by collecting current data and comparing it to the baseline, require sufficient time to accurately reflect network performance. Network management software or protocol inspectors and sniffers may run continuously over the course of the data collection process. Hand collection by way of show commands on individual network devices is extremely time consuming and should be limited to mission critical network devices. The following sections describe the general methodology for defining, collecting, and reporting a network performance baseline. This entails the collection of key performance data from the ports and devices considered to be mission critical. The baseline is a vital preliminary step in determining the personality of the network. It also simplifies the setting of effective thresholds. The following are steps to building a baseline:
Content 1.1 Network Baselining 1.1.2 Planning for the first baseline When conducting the initial baseline, start by selecting a few variables that represent the defined policies. If too many data points are selected, the amount of data can be overwhelming, making analysis of the collected data difficult. Hence, start out simply and fine tune along the way. Generally, some good starting measures are interface utilization and CPU utilization. Collect data for a day or two before starting the actual baseline study to determine whether the right data is being gathered from the right devices. After recording a couple of days’ worth of data, graph the collected data in different ways in order to better show where the network needs improvement. Slicing through the data in different ways can reveal interesting and sometimes surprising observations. Pick the top few reports that are relevant and study them to determine whether there is more information needed, in order to understand a particular pattern or trend. Then, fine tune the data to be collected and begin the actual baseline study. Baseline analysis of the network should be conducted on a regular basis. Perform an annual analysis of the entire network or baseline different sections of the network on a rotating basis. Analysis must be conducted regularly in order to understand how the network is affected by growth and other changes. Gathering the information in a consistent manner and analyzing the data will allow informed design decisions as well as expedite fault isolation.
Content 1.1 Network Baselining 1.1.3 Identifying devices and ports of interest As part of planning a baseline, the devices and ports of interest must be identified. Ports of interest include those network device ports that connect to other network devices, servers, key users, and anything else considered critical to the operation. By narrowing the ports polled, the reports will be more clear and network and device management load will be minimized. Remember that an interface on a router or switch can be a virtual interface, such as a switch virtual interface (SVI). After the ports have been identified, it must be ensured that processes are in place to either keep that connection from being changed or to generate a report informing the network administrator that a change has occurred. Without this assurance, reports will become inaccurate. A report may indicate that a backbone port on a particular device is performing fine, when in fact the device connected to that port is not a router, but a PC, due to an undocumented change. One method to track the ports of interest is to use the port description fields on devices to indicate what is connected. If backbone Router A is connected to switch