What is Passive Monitoring?

No matter how solid a communications system is when it’s first implemented, things tend to go wrong over time. As you add new technology, change settings, handle increased voice or data volumes, and more, you need to monitor your communications systems to ensure they run as expected.

Monitoring Your Communications Systems

There are two high-level methods when it comes to monitoring a network:

  • Active Monitoring, where you add synthetic, but realistic, transactions to the network and measure the performance of these transactions.
  • Passive Monitoring, where you obtain information from the network (applications, network elements and mirrored packet flows) while the network is in use.

Based on the classification above, passive monitoring can be further divided into two categories: query-based monitoring and packet-based monitoring.

Query-based Monitoring

Query-based monitoring relies on network elements and applications to maintain performance and/or qualitative metrics that can be queried by an agent. One of the more common methods is to use Simple Network Management Protocol (SNMP) GETs to retrieve information from a running system. Similarly, SNMP TRAPs will proactively notify an agent that there may be an issue.

As communication systems evolve, they are providing more application-specific, qualitative information that monitoring systems can take advantage of. In other words, they are moving beyond basic health checks of CPU, disk and memory usage.

Many contact centers and Unified Communications systems, for example, have added jitter, packet loss and Mean Opinion Score (MOS) values to Call Detail Records. These values can be obtained by a monitoring system for display in dashboards and reports and can be fed into powerful mediation and correlation engines to help provide a better understanding of overall performance through analytics.

Packet-based Monitoring

Packet-based monitoring provides analysis at the packet level. This method uses a network feed via a mirror port or network tap and performs Deep Packet Inspection (DPI) on each packet.

Since you can’t determine a whole lot from looking at a single packet, a monitoring system needs to correlate packets into application flows in order to provide meaningful application-level information. Additionally, application flows may traverse geographically diverse tap points, so the system needs to stitch together flows from different locations in order to present a complete picture. These correlated flows can provide a wealth of information about network performance and user experience.
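The correlation and stitching steps described above can be sketched as follows. This is an added example, not code from the original article or any vendor product. The record fields, tap names and sample packets are constructed, and matching one packet across taps by sender plus IP ID is a simplifying assumption.

```python
from collections import defaultdict, namedtuple

# Constructed sample records, as a capture appliance might export them.
# Field names and tap names are assumptions for this example.
Pkt = namedtuple("Pkt", "tap ts src sport dst dport proto ip_id length")

PACKETS = [
    Pkt("tap-nyc", 0.000, "10.0.0.5", 40000, "10.1.0.9", 5060, "udp", 101, 520),
    Pkt("tap-lon", 0.038, "10.0.0.5", 40000, "10.1.0.9", 5060, "udp", 101, 520),
    Pkt("tap-lon", 0.050, "10.1.0.9", 5060, "10.0.0.5", 40000, "udp", 7, 310),
    Pkt("tap-nyc", 0.090, "10.1.0.9", 5060, "10.0.0.5", 40000, "udp", 7, 310),
    Pkt("tap-nyc", 0.200, "10.0.0.7", 51000, "10.1.0.20", 443, "tcp", 55, 1400),
]

def flow_key(p):
    """Direction-independent 5-tuple: both directions map to one flow."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (p.proto,) + (a + b if a <= b else b + a)

def correlate(packets):
    """Group packets into flows and stitch observations from several taps."""
    flows = defaultdict(lambda: {"sightings": defaultdict(dict), "taps": set()})
    for p in packets:
        f = flows[flow_key(p)]
        f["taps"].add(p.tap)
        # Assumption: the same packet seen at two taps shares sender and IP ID.
        f["sightings"][(p.src, p.ip_id)][p.tap] = (p.ts, p.length)
    summary = {}
    for key, f in flows.items():
        transit = []
        for seen in f["sightings"].values():
            times = sorted(ts for ts, _ in seen.values())
            if len(times) > 1:  # observed at more than one tap
                transit.append(times[-1] - times[0])
        summary[key] = {
            "packets": len(f["sightings"]),  # unique packets, not per-tap copies
            "bytes": sum(next(iter(s.values()))[1] for s in f["sightings"].values()),
            "taps": sorted(f["taps"]),
            "max_transit_s": round(max(transit), 3) if transit else None,
        }
    return summary

if __name__ == "__main__":
    for key, stats in correlate(PACKETS).items():
        print(key, stats)
```

Counting each packet once, rather than once per tap, keeps byte and packet totals from doubling when a flow crosses two tap points. The tap-to-tap timestamp difference is only meaningful if the capture points have synchronized clocks.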

Packet-based monitoring systems are also great for troubleshooting. Since the system is operating at the packet level and also providing correlation, a technician can quickly filter out the millions of packets on the wire and drill down to a single application flow of interest.

Do You Have to Choose?

Packet-based monitoring and query-based monitoring are complementary. Query-based metrics provide the application, network element, or endpoint perspective on performance and user experience. Conversely, packet-based monitoring provides a vendor-agnostic view of application performance and facilitates troubleshooting via correlated application flows.