Network analytics is any process where network data is collected and analyzed to improve the performance, reliability, visibility, or security of the network.
Today, network analytics processes are increasingly automated. As a result, IT staff can monitor performance, troubleshoot problems, and handle increasingly complex tasks faster and more efficiently.
In network analytics, a software engine analyzes and extracts insights from data collected from various sources. Those sources include network devices (switches, routers, and wireless access points), servers (syslog, DHCP, AAA, configuration database, etc.), and traffic-flow details (wireless congestion, data speeds, latency, etc.).
Network analytics processes are automated, resulting in more wide-ranging analysis than what was possible through a manual approach. Network analytics can scale to support many devices, clients, users, and applications, with the goal of improving overall user experience without substantially increasing operating costs.
More advanced network analytics systems use artificial intelligence (AI) and machine learning (ML) technologies to further improve the insights they deliver.
Network analytics collects data from a variety of sources, including from servers such as DHCP, Active Directory, RADIUS, DNS, and syslog, and from network devices using protocols such as NetFlow, traceroute, and SNMP. It uses telemetry and deep packet inspection (DPI) to build a rich database from which contextual information can be derived.
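To make this concrete, here is a minimal sketch of turning raw syslog lines into structured records that an analytics engine could query. The line format and field names are simplified assumptions; real syslog output varies widely by device and vendor.

```python
import re

# Hypothetical, simplified syslog line pattern; real deployments vary widely.
SYSLOG_PATTERN = re.compile(
    r"^(?P<timestamp>\w{3}\s+\d+\s[\d:]+)\s(?P<host>\S+)\s(?P<process>[\w\-]+):\s(?P<message>.*)$"
)

def parse_syslog_line(line):
    """Turn one raw syslog line into a structured record, or None if unparseable."""
    match = SYSLOG_PATTERN.match(line)
    return match.groupdict() if match else None

# Example lines (invented for illustration): a DHCP lease and a BGP event.
records = [
    parse_syslog_line(line)
    for line in [
        "Mar 12 10:41:02 edge-sw01 dhcpd: DHCPACK on 10.0.4.17 to aa:bb:cc:dd:ee:ff",
        "Mar 12 10:41:05 core-rtr02 bgpd: neighbor 192.0.2.1 Up",
    ]
]
```

Once normalized into a common record shape, events from DHCP, RADIUS, DNS, and device logs can be correlated in one database, which is the "rich database" the engine derives context from.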
DPI of select traffic flows is a rich data source for network analytics. An analysis of such traffic using techniques such as Network Based Application Recognition (NBAR) and Software-Defined Application Visibility and Control (SD-AVC) can discern the communication protocols and applications being used.
Analytics engines can use this information in a variety of ways, such as setting quality-of-service (QoS) parameters automatically or profiling endpoints.
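A sketch of the QoS use case: once DPI has identified an application, the engine can map it to a DSCP marking. The application names and the policy table below are illustrative assumptions, not actual NBAR or SD-AVC output; the DSCP values (EF, AF41, CS1) are standard per-hop behavior codepoints.

```python
# Illustrative policy: recognized application -> DSCP value to mark its flows.
# The app names and policy choices are assumptions for this sketch.
APP_TO_DSCP = {
    "voip": 46,        # EF: expedited forwarding for voice
    "video-conf": 34,  # AF41: interactive video
    "backup": 8,       # CS1: scavenger/bulk traffic
}

def dscp_for_app(app):
    """Return the DSCP value for a recognized application (0 = best effort)."""
    return APP_TO_DSCP.get(app, 0)
```

An unrecognized application simply falls back to best-effort marking, so the policy fails safe.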
Streaming telemetry reduces delays in data collection. Telemetry provides real-time information on anything from simple packet-flow numbers to complex, application-specific performance parameters. Systems that can stream more telemetry, from more sources and about more network variables, give the analytics engine better context. And better context improves the accuracy and usefulness of insights.
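As a rough illustration of consuming streamed telemetry, the sketch below keeps a rolling window of recent samples for one metric. The window size and metric name are assumptions; a production collector would handle many metrics from many sources concurrently.

```python
from collections import deque
from statistics import mean

class TelemetryWindow:
    """Keep the most recent samples of one metric and expose a rolling average."""

    def __init__(self, size=5):
        self.samples = deque(maxlen=size)  # old samples fall off automatically

    def push(self, value):
        self.samples.append(value)

    def average(self):
        return mean(self.samples) if self.samples else 0.0

# Hypothetical latency samples streamed from a device, in milliseconds.
latency_ms = TelemetryWindow(size=3)
for sample in [12.0, 14.0, 40.0, 13.0]:
    latency_ms.push(sample)
# The window now holds only the 3 most recent samples: 14.0, 40.0, 13.0
```

Keeping per-source windows like this is one simple way an engine maintains the fresh, fine-grained context the paragraph describes.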
Another important factor an analytics engine considers is context. The context is the specific circumstances or underlying conditions in which a network anomaly occurs. The same anomaly under different conditions can require very different remediation, so the analytics engine must account for the many variables that define a context, such as network type, service, and application.
Other contexts can include wireless interference, network congestion, service duplication, and device limitations.
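The point that the same anomaly can demand different fixes in different contexts can be sketched as a simple lookup keyed on both the anomaly and its context. The anomaly names, contexts, and remediation strings here are illustrative assumptions.

```python
# Toy lookup: the same anomaly maps to different remediations depending on
# context. Names and remediation text are assumptions for this sketch.
REMEDIATIONS = {
    ("high_latency", "wireless"): "check channel interference and congestion",
    ("high_latency", "wired"): "check uplink utilization and QoS queue drops",
    ("high_latency", "wan"): "check path selection and carrier metrics",
}

def remediation_for(anomaly, context):
    """Pick a remediation for an anomaly in a given context, else escalate."""
    return REMEDIATIONS.get((anomaly, context), "escalate for manual diagnosis")
```

A real engine encodes far more context variables, but the principle is the same: the (anomaly, context) pair, not the anomaly alone, drives the decision.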
Network analytics derives insights from data it aggregates from the network, hosts, and devices. Using data from many sources, network analytics can correlate and view issues from many angles to form a complete, multidimensional picture of the state of the network itself and endpoints in the network.
The analytics engine, the software program that analyzes data and makes decisions, collects data from around the network and performs the desired analysis. This type of data analytics may compare the current state with a model of optimal performance. Whenever the program identifies a deviation from optimal, it may suggest remediations or present its findings to a higher-level program or to the IT staff.
This type of data analytics engine may also scrutinize endpoint traffic to help identify the endpoint itself or endpoint traffic behavior that may signal malware infection.
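One simple behavioral signal of the kind described above is fan-out: an endpoint suddenly contacting many distinct destinations can indicate scanning or malware beaconing. The sketch below flags such endpoints; the threshold and the flow data are assumptions for illustration.

```python
from collections import defaultdict

def suspicious_endpoints(flows, threshold=3):
    """Flag endpoints contacting an unusually large number of distinct
    destinations -- a pattern that can accompany scanning or beaconing.
    `flows` is an iterable of (source, destination) pairs."""
    destinations = defaultdict(set)
    for src, dst in flows:
        destinations[src].add(dst)
    return {src for src, dsts in destinations.items() if len(dsts) > threshold}

# Hypothetical flow records: one endpoint fans out to four destinations.
flows = [
    ("10.0.4.17", "203.0.113.5"),
    ("10.0.4.17", "203.0.113.6"),
    ("10.0.4.17", "203.0.113.7"),
    ("10.0.4.17", "203.0.113.8"),
    ("10.0.4.20", "203.0.113.5"),
]
```

In practice the threshold would be learned per endpoint type rather than fixed, but the behavioral idea is the same.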
Networking engineers often debate whether network analytics should be performed remotely, in the cloud, or locally, at the customer premises.
Placing the analytics engine in the cloud offers access to much more processing power, scale, and communication with other networks. Cloud-hosted analytics also benefits from up-to-the-minute algorithms and crowdsourced data. Placing the analytics engine on-premises offers better insights and faster remediation, and it reduces the amount of data that must be backhauled to the cloud. Both of those advantages are particularly important in larger enterprise networks.
Should you use cloud or local analytics? The answer is, both. ML and machine reasoning (MR) modules can be placed in the cloud to benefit from larger computing resources, while keeping the analytics engine on-site can offer large gains in performance and significant savings in WAN costs.
The analytics engine considers the relationship among variables in the network before offering insights or remediation. The correlation among devices, applications, and services can mean that correcting one problem can lead to problems elsewhere. While correlation greatly increases the number of variables in the decision tree and adds complexity to the system, it's essential so that all variables can be evaluated for accurate decisions.
Most analytics engines offer guidance on performance improvement through decision trees. When an analytics engine receives network data indicating subpar performance, the decision tree calculates the best network-device adjustment or reconfiguration to improve performance of that parameter.
The decision tree grows with the number of sources for streaming telemetry and the number of options for optimizing performance at each decision point. Because of the complexity of processing these very large data sets in real time, such analysis was previously feasible only on supercomputers.
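A hand-built miniature of such a decision tree is sketched below: given a subpar metric and a couple of observed conditions, it selects an adjustment. The metric names, conditions, and remediation strings are assumptions; real engines derive far larger trees from many more telemetry sources.

```python
# A tiny, hand-built decision tree. Each branch tests one observed condition;
# each leaf is a candidate adjustment. All names here are illustrative.
def choose_adjustment(metric, utilization, wireless):
    """Walk a small decision tree to pick an adjustment for a subpar metric."""
    if metric == "latency":
        if wireless:
            return "steer clients to a less congested channel"
        if utilization > 0.8:
            return "increase uplink capacity or reshape QoS queues"
        return "inspect device CPU and buffer settings"
    if metric == "packet_loss":
        return "check interface errors and duplex mismatches"
    return "no rule matched; collect more telemetry"
```

Adding one more telemetry source (say, client count per access point) would add another condition to test at each branch, which is exactly how the tree grows as the paragraph describes.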
The analytics engine spots network anomalies, faults, and performance degradations by comparing the incoming streaming telemetry with a model of optimal network performance for each data source. That process produces insights into ways network performance and user experience can be improved.
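The comparison against a model of optimal performance can be sketched as a simple statistical check: each data source keeps a baseline of historical samples, and an incoming sample that deviates too far from that baseline is flagged. The baseline values and the 3-sigma rule below are assumptions for illustration.

```python
from statistics import mean, stdev

# Per-source baseline model: historical samples treated as "optimal".
# The source names and sample values are assumptions for this sketch.
BASELINES = {
    "wan-latency-ms": [20.0, 22.0, 19.0, 21.0, 20.5],
    "ap-retries-pct": [2.0, 2.5, 1.8, 2.2, 2.1],
}

def is_anomalous(source, value, sigmas=3.0):
    """Flag a sample deviating more than `sigmas` standard deviations
    from the source's historical baseline."""
    history = BASELINES[source]
    mu, sd = mean(history), stdev(history)
    return abs(value - mu) > sigmas * sd
```

Each anomaly flagged this way, combined with the context discussed earlier, becomes a candidate insight into how performance and user experience can be improved.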