We all—or at least, all network administrators—wish that band were unlimited and cost nothing. Unfortunately, nothing is further from the truth. Bandwidth is both expensive and limited. As a consequence, we tend to order just enough bandwidth for our needs. This, in turn, has another consequence: we need to keep an eye on bandwidth usage. This is the only way we can know when bandwidth reaches critical thresholds—where the performance starts to be impacted—allowing us to react.
The best way to keep a watchful eye on bandwidth is to use some sort of tool built for that purpose. And there are lots of these tools. However, some are complex tools that typically require lots of resources and cost lots of money. So, we scoured the market looking for open-source network bandwidth monitoring tools. We were pleasantly surprised to discover that there are quite a few of them.
Before we reveal what the best tools are, we’ll start off by discussing bandwidth monitoring. We’ll learn what it is and how it can be done. The Simple Network Management Protocol is one of the most common technologies used for network bandwidth monitoring so we’ll have a look at it and see how it works. And finally, we’ll review the best open-source network bandwidth monitoring tools that we could find. For each one, we’ll briefly introduce their main features and advantages.
About Monitoring Network Bandwidth
Network bandwidth monitoring is a very specific type of monitoring. What it does is measure the amount of traffic passing a given point on a network. Typically, the measuring point is a router or switch interface but it’s not uncommon to monitor bandwidth utilization of a server’s LAN interface. The important thing here is to realize that all we’re measuring is the amount of traffic. Bandwidth monitoring won’t give you any information about what that traffic is, only how much of it there is.
There are several reasons for wanting to monitor network bandwidth utilization. First and foremost, it can help you pinpoint areas of contention. As a network circuit’s utilization grows, its performance starts degrading. This is a fact of life. The more you approach the maximum capacity, the more impact there is on performance. By allowing you to keep an eye on network utilization, bandwidth monitoring tools give you a chance to detect high utilization—and address it—before it becomes noticeable by users.
Capacity planning is another major benefit of network monitoring tools. Network circuits—especially long-distance WAN connections—are expensive and will often have only the bandwidth that was required when they were initially installed. While that amount of bandwidth might have been OK back then, it will eventually need to be increased. By monitoring the evolution of your network circuits’ bandwidth utilization, you’ll be able to see which ones need to be upgraded and when.
Bandwidth monitoring tools can also be useful for troubleshooting poor application performance. When a user complains that some remote application has slowed down, looking at the network bandwidth utilization can give you a pretty good idea whether or not the problem is caused by network congestion. If you see low network utilization, you can likely concentrate your troubleshooting efforts elsewhere.
SNMP Monitoring In A Nutshell
Most network bandwidth monitoring tools rely on the Simple Network Management Protocol (SNMP) to do their magic. Most networking equipment has built-in SNMP capability and can be polled by monitoring tools at regular intervals. Despite its misleading name, SNMP is actually quite complex. But don’t worry, you don’t have to be an expert and know all about it to use it. It’s just like you don’t have to be an auto mechanic to drive a car. It is, however, preferable to have at least some idea of how it works so let’s have a look at it.
At its base, SNMP is a communication protocol that specifies how an SNMP management system can read and write operational parameters in remote devices. The parameters are referred to as Object Identifiers or OIDs. Some of the interesting OIDs, from a monitoring standpoint, are those that contain major device metrics such as CPU and memory load or disk usage, for example. But when monitoring networking bandwidth utilization, two OIDs are of particular interest. They are the bytes out and the bytes in counters associated with each interface. They are automatically incremented by the network devices as data is output or input.
RELATED READING: 10 Best Virtualization Management Tools
Dating back to a time when IT security was not an issue, SNMP only has minimal security. An SNMP manager connecting to an SNMP-enabled device will transmit a “community string” with its request. If the string matches that configured in the equipment, the request will be carried out. Devices typically have two community strings configured, one for read-only OIDs and one for modifiable ones. The communication is not encrypted and anyone intercepting it would see the community strings in clear text. This is why SNMP is only used on private, secure networks.
How About An Example?
Here’s how most monitoring systems use SNMP to monitor bandwidth utilization. They periodically read the bytes in and out counters of a networking device’s interfaces at know intervals. Five minutes is a typical interval value but shorter times can be used for finer resolution. They then store the polled values in some sort of database or file.
The rest of the process is simple maths. The monitoring system subtracts the previous counter value from the current one to get the number of bytes transmitted or received during the polling interval. It can then multiply that number by eight to get the number of bits and divide it by the number of seconds in the interval to get the number of bits per second. This information is typically plotted on a graph showing its evolution in time and stored in a database.
RELATED READING: What Is Throughput? 6 Best Tools to Measure Throughput
It is important to note that what you get is an estimation of the average utilization over the polling interval, not the real bandwidth utilization. For instance, let’s suppose that a circuit is used at maximum capacity during half of the polling interval and carries no traffic during the other half. It would show up as being used at 50% of its capacity despite being maxed out for an extended period. Shorter polling intervals will reduce this distortion but it is important to keep in mind that these systems only give you average values.
The Best Open-Source Network Bandwidth Monitoring Tools
We’ve searched the web for some of the best open-source bandwidth monitoring tools. We were quite pleased to discover that there are quite a few excellent tools available out there. A few of the tools on our lists date back several years but are still in widespread use today. After all, being free and open-source has a certain appeal. All the tools on our list feature SNMP bandwidth monitoring and they all feature a centralized console where you can configure the tool and get a visual rendition of the current status of your network.
Zabbix is a free and open-source product which can be used to monitor anything. The tools can run on a handful of Linux distributions—including Rapsbian, the Raspberry Pi version on Linux—and it will monitor network bandwidth, servers, applications and services, as well as cloud-based environments. It features a highly professional look and feel. This product also boasts a broad feature set, unlimited scalability, distributed monitoring, strong security, and high availability. Despite being free this is a true enterprise-grade product.
Zabbix uses a combination of monitoring technologies. It supports SNMP monitoring as well as the Intelligent Platform Monitoring Interface (IMPI). It can also do agent-based monitoring with agents available for most platforms. For easy setup, there’s auto-discovery as well as out-of-the-box templates for many devices. The tool’s web-based user interface has several advanced features such as widget-based dashboards, graphs, network maps, slideshows, and drill-down reports.
Zabbix also features a highly customizable alerting system which will not only send out detailed notification messages but that can also be customized based on the recipient’s role. It can also escalate problems according to flexible user-defined service levels.
There are two versions of Nagios available. There’s the free and open-source Nagios Core and then there’s the paid Nagios XI. Both share the same underlying engine but the similarity stops there. Nagios Core is an open-source monitoring system that runs on Linux. The system is completely modular with the actual monitoring engine at its core. The engine is complemented by dozens of available plugins which can be downloaded to add functionality to the system. Each plugin adds some features to the core.
Preserving the modular approach, the tool’s front-ends is also modular and several different community-developed options are also available for download. The Nagios Core, the plugins and the front end combine and make for a rather complete monitoring system. There is a drawback to this modularity, though. Setting up Nagios Core can turn out to be a challenging task.
Nagios XI is a commercial product based on the Nagios Core engine but it is a complete self-contained monitoring solution. The product targets a wide audience from small businesses to large corporations. It is much easier to install and configure than Nagios Core, thanks to its configuration wizard and auto-discovery engine. Of course, this ease of setup and configuration comes at a price. You can expect to pay around $2 000 for a 100-node license and about ten times as much for an unlimited one.
3. Zenoss Core
Zenoss Core may not be as popular as some of the other monitoring tools on this list but it truly deserves to be here because of its feature set and professional look. The tool can monitor many things such as bandwidth utilization, traffic flows, or services like HTTP and FTP. It has a clean and simple user interface and its alerting system is excellent. One thing worth mentioning is its rather unique multiple alerting system. It allows a second person to be alerted if the first one does not respond within a predefined delay.
On the downside, Zenoss Core is one of the most complicated monitoring systems to install and set up. Installation is an entirely command-line driven process. Today’s network administrators are used to GUI installers, configuration wizards and auto-discovery engines. This could make the product’s installation seem a bit archaic. Then again, this is in line with the Linux world. There are ample installation and configuration documentation available and the end result makes it worth the efforts.
Icinga is yet another open-source monitoring platform. It has a simple and clean user interface and, more importantly, a feature set that rivals some commercial products. Like most bandwidth monitoring systems, this one uses SNMP to gather bandwidth utilization data from network devices. But one of the areas where Icinga particularly stands out is its use of plugins. There are thousands of community-developed plugins that can perform various monitoring tasks, thereby extending the product’s functionality. And in the unlikely event that you couldn’t find the right plugin for your needs, you can write one yourself and contribute it to the community.
Alerting and notification also among Icinga’s great features. Alerts are fully configurable in terms of what triggers them and how they are transmitted. The tool also features what is referred to as segmented alerting. This feature will let one send some alerts to one group of users and other alerts to different people. This is nice to have when you monitor different systems managed by different teams. It can ensure that alerts are transmitted only to the proper group to address them.
LibreNMS is an open-source port of Observium, a popular commercial network monitoring platform. It is a fully-featured network monitoring system that provides a wealth of features and device support. Among its best features is its auto-discovery engine. It doesn’t only rely on SNMP to discover devices. It can automatically discover your entire network using CDP, FDP, LLDP, OSPF, BGP, SNMP and ARP. Talking about the tool’s automation features, it also has automatic updates so it will always stay current.
Another major feature of the product is its highly customizable alerting module. It is very flexible and it can sed alert notifications using multiple technologies such as email, like most of its competitors but also IRC, slack, and more. If you’re a service provider or your organization bills back each department for their use of the network, you’ll appreciate the tool’s billing feature. It can generate bandwidth bills for segments of a network based on usage or transfer.
For larger networks and for distributed organizations, the distributed polling features of LibreNMS allow for horizontal scaling to grow with your network. A full API is also included, allowing one to manage, graph, and retrieve data from their installation. Finally, mobile apps for iPhone and Android are available, a rather unique feature with open-source tools.
We had to include Cacti on this list. After all, at 17 years of age, it is one of the oldest free and open-source monitoring platform. And it is still quite popular to this day it is still actively developed. The latest version was just released in late January. While Cacti might not be as feature-rich as some other products, it is still an excellent tool. Its web-based user interface has a somewhat of a vintage feel but it is well laid out and easy to understand and use. Cacti is comprised of a fast poller, advanced graphing templates, and multiple acquisition methods. While the tool primarily relies on SNMP polling, custom scripts can be devised to get data from virtually any source.
This tool’s main strength is in polling devices to fetch their metrics—such as bandwidth utilization—and graphing the collected data on web pages. It does an excellent job of that but that’s all it will do. If you don’t need alerting, fancy reports or other extras, the product’s simplicity might be just what you need. And if you need more functionality, Cacti is open-source and entirely written in PHP, making it highly customizable and you can add any missing features you need.
Cacti makes extensive use of templates which account for an easier configuration. There are device templates for many common types of devices as well as graph templates. There’s also a huge online community of users who write custom templates of all kinds and make them available to the community and many equipment manufacturers also offer downloadable Cacti templates.
The Multi Router Traffic Grapher, or MRTG, is the granddaddy of all network bandwidth monitoring systems. While the open-source project has been around since 1995, it is still in widespread usage, despite the fact that the latest version is already five years old. It is available for Linux and Windows. Initial setup and configuration are somewhat more complicated than what you’d experience with other monitoring systems but excellent documentation is readily available.
Installing MRTG is a multi-step process and you need to carefully follow the setup instructions. Once installed, you configure the software by editing its configuration file. What MRTG lacks in user-friendliness, it gains in flexibility. Mostly written in Perl it can easily be modified and adapted to one’s exact needs. And the fact that it’s the first monitoring system and that it is still around is a testament to its value.