ISP networks are the connective tissue for most business traffic today. Are your network monitoring capabilities aligned with this new reality? This post examines why it’s so critical to establish visibility into ISP networks, and offers key tips for success.
The pros and cons of ISP networks
In recent years, enterprises have grown increasingly reliant upon public ISP networks. In our research and work with customers, we continue to hear how this presents a double-edged sword for network operations (NetOps) teams:
- Pros. On one hand, the ubiquity of different network services offers a range of appealing options. ISPs will typically have buildings wired and ready to go, so getting started is fast and easy. Further, with the emergent use of SD-WAN, connections are easy to pair. In many ways, relying upon these ISP networks is now a must, a key way to ensure network resilience, reliability, and security.
- Cons. On the other hand, these alternatives fundamentally obfuscate what’s happening from a performance standpoint. Relying on traditional monitoring tools, teams lack visibility into large portions of the application delivery path.
The challenges confronting NetOps teams
As the use of these ISP networks keeps getting more commonplace, NetOps teams are being put in a challenging position. While they’re asked to bear ultimate responsibility for their end users’ experiences, they’re unable to control or even see many of the networks end users are reliant upon. (As we outlined in a prior post, Streamlining Troubleshooting for Work-from-Home Users, these challenges are being compounded by the hybrid work approaches that have also become commonplace.)
The key challenge is this: How can NetOps teams troubleshoot issues, even for those ISP networks they don’t own or have visibility into?
Without ISP network visibility, troubleshooting times and costs will be excessive. Further, these penalties will continue to grow as environments get increasingly complex and interrelated.
When issues arise, teams need answers
When issues arise, the first key question to answer is this: Should I care? In other words, teams need to verify whether critical business or user services are being affected.
If issues are having a negative business impact, it’s vital that teams get an answer to this question: Where is the issue occurring?
Where many monitoring alternatives fall short
To answer these critical, urgent questions, teams have to go beyond legacy, passive network monitoring approaches. While these traditional solutions may be able to pinpoint an issue arising in an internal networking system or service, they won’t provide any visibility into whether or how end users or business services are affected. In addition, they can’t provide any visibility into the networking infrastructures of ISPs.
Network monitoring can track the East-West traffic between external networks, including cloud environments and data centers. While these monitoring approaches can uncover outages, they can also introduce a lot of noise. For example, a faulty connection between two different ISP networks may not have any impact on an organization’s critical services or end-user experiences.
Sometimes these network issues can affect background processes, such as data transfers, which can be important to know about. However, it’s essential for teams to be able to reduce alarm noise and prioritize remediation work intelligently. In this way, they can ensure they’re focusing on any issues that affect critical business and end-user services first.
While SD-WAN providers may be able to provide edge-to-edge visibility, many aspects that determine performance are still obscured.
The requirements: end-to-end visibility
When it comes to third-party ISP networks, teams need to take a trust-but-verify approach. To do so, it is vital to continuously monitor network traffic. Teams need to gain contextual intelligence to determine whether and how user and business services may be affected.
Teams have to leverage active, continuous monitoring that provides visibility into all the networks users rely upon, including internally owned and third-party ISP networks. Active monitoring sends test packets out periodically over the network and measures the responses, enabling teams to objectively track performance.
Active monitoring can be configured in a single-ended or dual-ended fashion. With single-ended approaches, you have a source of monitoring, typically behind your firewall, and you test connections to an external target. With this approach you can get visibility into networks you don’t manage or control, making it the approach that’s best suited for testing ISP networks.
Active monitoring solutions should provide automatic ISP detection, so they can readily determine which networks user traffic is traversing. To ensure teams can obtain actionable user-experience insights, it is vital to leverage continuous monitoring solutions that do testing on the same links that users rely upon.
Teams need to establish visibility across four key error domains:
- Local office or Wi-Fi network. Teams must be able to get insights from the user edge, regardless of whether a user is in a corporate office, traveling, or in a home office. Teams should be able to get visibility into users’ machines, including CPU and memory metrics. This is vital in helping streamline troubleshooting.
- Last-mile ISP. This is the network that extends to the user’s door, whether it is an employee in a corporate office who is using the enterprise ISP or it’s a work-from-home user on a local ISP network.
- Transit and backbone networks. Teams need to be able to determine which mid-path networks user traffic traverses, and to understand the evolving peering relationships among different service providers.
- Application infrastructure. NetOps teams must gain the ability to gauge performance of the application infrastructure, whether it is running within an enterprise data center or cloud-based environment. It is important to be able to gain an application-level perspective, so, for example, teams can see that multiple end users are having issues with the same application.
It is vital to leverage unified solutions that tie this intelligence together. Teams should be able to start with high-level dashboards that provide at-a-glance insights into all these different domains, and then be able to drill down to get details on any specific area.
The power of active monitoring
With this end-to-end coverage, teams can track both the overlay and underlay, and do comparisons. This is vital in enabling teams to quickly understand where issues are occurring, including whether in a VPN tunnel, SD-WAN environment, office, or ISP network.
Through continuous monitoring, NetOps teams can get regional insights, focusing on specific ISPs within particular regions. For example, teams can look at those ISPs serving an area in which a satellite office is based or where there’s a concentration of hybrid workers.
With these capabilities, a NetOps administrator can compare the experience and reliability metrics of end users in the same region who are being served by two different ISPs. Based on relative performance metrics, teams can make recommendations to end users in terms which ISP end users can choose in order to get the best service levels.
Watch our presentation to learn more
To learn more, be sure to watch our Small Bytes presentation, entitled How do I find network performance problems in ISP networks? Find out how to gain the visibility needed to boost operational efficiency. See how AppNeta can help you speed the time it takes to identify which domain is experiencing issues, and just as importantly, which domain is not.
