Network Traffic: What's your Priority?
Virtually any business/enterprise network is likely to see situations in which network utilization spikes unexpectedly, resulting in congestion, 'slow access' and other types of interruption.
This pain is most commonly experienced at the Internet gateway. Someone discovers it's not really a good idea to send a 53MB video file to 107 of his closest friends, or a malware outbreak saturates the connection with spam relays or 'warez' downloads.
Depending on your business, some types of network traffic are likely to be much more important than others - even to the point of being vital to the business itself. How do you ensure that mission-critical network activities are able to punch through these situations? More importantly, how do you ensure that you can have diagnostic access to key routing and switching equipment in the event of a traffic saturation condition?
This article introduces techniques for prioritizing network traffic, along with their implications for network monitoring and management.
Priority Shmiority
Prioritizing traffic ahead of time can be an excellent way to cope with unexpected surges in network utilization. As an example, if you're performing mission-critical data/file replication across a high-speed WAN link, you may want to prioritize those transfers over HTTP traffic. If, on the other hand, your staff at remote locations rely heavily on a hosted web application, you may want to institute the opposite policy: prioritize web access over file transfers. Voice over IP (VoIP) is an excellent candidate for traffic prioritization. Depending on your own organization's needs, there may be other types of traffic which qualify as well.
Quality of Service (QoS) policies are typically implemented on routers and switches, and can provide you with a reliable performance guarantee for a particular type of network traffic. In congestion situations, you can be sure that your mission-critical traffic continues to get the wire time it needs. Voice over IP (VoIP) traffic, in particular, can benefit greatly from this type of arrangement, as it is highly susceptible to latency, drops, jitter and other network interruptions.
Modern QoS implementations are flexible enough to provide negotiated performance guarantees for particular protocols without pre-allocating dedicated bandwidth. This means that bandwidth for a particular protocol (or set of protocols) is "set aside" on an as-needed basis, allowing other applications to use any excess capacity that is not being consumed by the priority traffic.
QoS does have its limitations. In order to achieve meaningful results, for example, you might need to implement QoS along each hop of your switched (or routed) network that could become saturated, as any potential congestion point can interfere with QoS performance. In addition, disruptions in basic connectivity, or even Denial-of-Service (DoS) attacks, can still result in traffic flow interruptions.
Fortunately, QoS is still a highly reliable mechanism to ensure that mission-critical data makes it through. And QoS capabilities are often already present in many business-class routing and switching products. There are also dedicated hardware and software systems available which perform this task exclusively - these systems are known commercially as 'traffic shapers'.
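The "set aside on an as-needed basis" behaviour described above can be seen in a small scheduler simulation. This is an added example, not code from the article or from any QoS product: it assumes a two-phase allocation (guarantees first, then spare capacity lent out by priority up to a ceiling, the way hierarchical token-bucket style shapers behave), and the link size, class names and rates are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class TrafficClass:
    name: str
    guaranteed: int   # kbit/s the class always gets when it has demand
    ceil: int         # kbit/s it may reach by borrowing capacity nobody else is using
    priority: int     # lower number wins when several classes compete for leftover capacity

# Constructed policy for a 2048 kbit/s WAN link: VoIP and management traffic (SNMP, SSH)
# are small but protected; replication and web traffic may grow into any spare capacity.
LINK_KBPS = 2048
POLICY = [
    TrafficClass("voip", guaranteed=256, ceil=256, priority=0),
    TrafficClass("mgmt", guaranteed=64, ceil=256, priority=1),
    TrafficClass("replication", guaranteed=1024, ceil=2048, priority=2),
    TrafficClass("http", guaranteed=256, ceil=2048, priority=3),
    TrafficClass("bulk", guaranteed=128, ceil=2048, priority=4),
]

def allocate(link_kbps: int, classes: list, demand: dict) -> dict:
    """One scheduling interval: honour guarantees first, then lend out spare capacity."""
    if sum(c.guaranteed for c in classes) > link_kbps:
        raise ValueError("guarantees exceed link capacity; the policy cannot be honoured")
    alloc = {}
    # Phase 1: each class gets what it asked for, capped at its guarantee.
    for c in classes:
        alloc[c.name] = min(demand.get(c.name, 0), c.guaranteed)
    spare = link_kbps - sum(alloc.values())
    # Phase 2: leftover capacity goes to still-hungry classes, highest priority first,
    # never beyond each class's ceiling. Idle classes leave their guarantee to others.
    for c in sorted(classes, key=lambda c: c.priority):
        want = min(demand.get(c.name, 0), c.ceil) - alloc[c.name]
        extra = min(max(want, 0), spare)
        alloc[c.name] += extra
        spare -= extra
    return alloc

def no_qos(link_kbps: int, demand: dict) -> dict:
    """Comparison without QoS: a saturated link shares capacity roughly in proportion to
    demand, so a chatty bulk sender crowds out a small VoIP or SNMP flow."""
    total = sum(demand.values())
    return {name: kbps * link_kbps // total for name, kbps in demand.items()}

if __name__ == "__main__":
    quiet = {"http": 3000}                      # only web traffic: it may use the whole link
    print(allocate(LINK_KBPS, POLICY, quiet))
    storm = {"voip": 200, "mgmt": 20, "replication": 1500, "http": 2000, "bulk": 5000}
    print(allocate(LINK_KBPS, POLICY, storm))   # VoIP and mgmt still fully served
    print(no_qos(LINK_KBPS, storm))             # without QoS VoIP gets under 50 kbit/s
```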
Management and Traffic Priority
Management and monitoring access to your key infrastructure is vital when problems occur. A case can be made, then, to set aside dedicated resources or create QoS policies for this type of traffic.
Management traffic can take place using many different protocols (e.g. Telnet, SSH, VNC, SNMP and/or Microsoft Remote Desktop), and their usage tends to vary considerably between organizations. Some of these protocols use very little bandwidth, while others require more resources.
The de facto monitoring standard for all varieties of network-connected equipment is Simple Network Management Protocol (SNMP). Through SNMP, engineers and administrators can gather all types of operational and performance data from network devices. SNMP travels encapsulated in UDP packets, and uses UDP ports 161 and 162.
In high-congestion situations, though, UDP traffic is highly susceptible to packet loss. Since UDP is also a connectionless protocol, there is no built-in means to recover these lost packets. However, it is precisely at these times that administrators need diagnostic access to these devices, in order to determine the nature of the problem, check performance indicators, etc. Fortunately, SNMP is not typically a high-overhead protocol. Most SNMP lookup operations and information gathering can be completed with very little network overhead (e.g. less than 5kps).
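To make the two points above concrete (how small an SNMP poll is, and that the manager must retry because UDP will not), here is an added example that is not part of the article: it hand-encodes an SNMPv2c GetRequest for sysUpTime.0 in BER using only the standard library, counts its size on the wire, and wraps the UDP exchange in a timeout/retry loop. The community string, request-id and header sizes (14-byte Ethernet, 20-byte IPv4, 8-byte UDP) are assumptions for the illustration.

```python
import socket

SYS_UPTIME_OID = (1, 3, 6, 1, 2, 1, 1, 3, 0)  # sysUpTime.0 from the standard MIB-2

def ber_tlv(tag: int, value: bytes) -> bytes:
    """Tag-length-value with the short length form (every field here is under 128 bytes)."""
    assert len(value) < 128
    return bytes([tag, len(value)]) + value

def ber_int(n: int) -> bytes:
    # Minimal two's-complement encoding (request-ids and error fields are small positives).
    length = max(1, (n.bit_length() + 8) // 8)
    return ber_tlv(0x02, n.to_bytes(length, "big", signed=True))

def ber_oid(oid: tuple) -> bytes:
    body = bytes([oid[0] * 40 + oid[1]])           # first two arcs share one byte
    for arc in oid[2:]:
        groups = [arc & 0x7F]                      # base-128, continuation bit on all but last
        while arc > 0x7F:
            arc >>= 7
            groups.insert(0, (arc & 0x7F) | 0x80)
        body += bytes(groups)
    return ber_tlv(0x06, body)

def snmp_get_request(community: str, oid: tuple, request_id: int = 1) -> bytes:
    """SNMPv2c GetRequest message exactly as carried in a UDP datagram to port 161."""
    varbind = ber_tlv(0x30, ber_oid(oid) + bytes([0x05, 0x00]))          # { OID, NULL }
    pdu = ber_tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0)    # GetRequest-PDU
                  + ber_tlv(0x30, varbind))
    return ber_tlv(0x30, ber_int(1) + ber_tlv(0x04, community.encode()) + pdu)  # version 1 = v2c

def wire_bytes(payload: bytes) -> int:
    """Size on an Ethernet link: 14 Ethernet + 20 IPv4 + 8 UDP header bytes plus the payload."""
    return 14 + 20 + 8 + len(payload)

def snmp_get(host: str, community: str, oid: tuple, retries: int = 3, timeout: float = 2.0):
    """Send the request and wait for the reply. UDP gives no retransmission, so the manager
    itself must resend when a congested link drops the datagram; returns None if all fail."""
    msg = snmp_get_request(community, oid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        for _ in range(retries):
            sock.sendto(msg, (host, 161))
            try:
                reply, _ = sock.recvfrom(4096)
                return reply
            except socket.timeout:
                continue                           # lost in transit: try again
    return None

if __name__ == "__main__":
    req = snmp_get_request("public", SYS_UPTIME_OID)
    print(len(req), "byte payload,", wire_bytes(req), "bytes on the wire")   # 40 and 82
```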
Monitoring Quality of Service
Monitoring network performance and service quality is important to ensure that you can identify problem situations early, if possible, and remain continually ready to cope with those unexpected situations. Tools like Netmon's Software Edition, Professional Edition, and Enterprise Edition allow you to monitor many different performance indicators for network and application service levels, and can alert you when specific performance indicators get out of hand.