Establishing a Baseline

Many organizations focus on network uptime and reliability, but not many actually profile their traffic over time to really understand the ebb and flow of data. Just like the tides around the world's oceans, there is an ebb and flow of data, though it will be at different times and in different volumes depending on network location. Sometimes the tides can change suddenly, causing damage and loss of availability. The best way to protect yourself from being overwhelmed when the (network) tides change is to understand the cycle and move with it.

This means having a baseline.

A baseline for network traffic means knowing the expected volume of data or circuit utilization for a given time or scenario. For many enterprises this revolves around their business hours and operations, Monday through Friday. For internet service providers it's tied more to a 24x7 cycle, with streaming traffic peaking in the later hours of the day and during weekends. Knowing how the network runs, and at what level of utilization, during normal operations is what lets you spot deviations.

Deviations in traffic can be very bad, such as a traffic surge during a DDoS attack, or they can be good. An example of a good deviation is shown below, during Easter Sunday morning in 2016.

Traffic trough caused by a holiday

There is a precipitous drop in traffic that picks back up a bit around 11 AM, after many religious services end, then shoots up to typical levels right after Easter brunch / lunch. Having a good baseline allows us to spot the deviation, and to understand that when traffic levels suddenly shoot back up it is actually a perfectly normal thing. This kind of deeper understanding of network behavior is critical to keeping networks available and functioning optimally.

We recommend looking at network behavior and performance over the following intervals to start:

  • 24 hours
  • 48 hours
  • 1 week
  • 1 month

That will give you a good idea of where you currently stand in terms of utilization, and will help you outline some preliminary ideas about trends. From there you can decide if you want to retain more flow data, and grow your monitoring in a strategic direction.
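As an added illustration (not code from the original article), the sketch below turns the idea into practice: it builds an hour-of-week baseline from a month of hourly utilization samples and labels a new reading as normal, a surge, or a trough. The function names, the median/MAD scoring, the thresholds and the sample data are all assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

def build_baseline(samples):
    """samples: iterable of (datetime, mbps). Returns {(weekday, hour): (median, mad)}."""
    buckets = defaultdict(list)
    for ts, mbps in samples:
        buckets[(ts.weekday(), ts.hour)].append(mbps)
    baseline = {}
    for slot, values in buckets.items():
        med = median(values)
        # Median absolute deviation: robust to a single odd week in the history.
        mad = median(abs(v - med) for v in values)
        baseline[slot] = (med, mad)
    return baseline

def classify(baseline, ts, mbps, threshold=5.0, min_spread=0.05):
    """Compare one reading with the baseline for the same weekday and hour."""
    slot = (ts.weekday(), ts.hour)
    if slot not in baseline:
        return "no-baseline"
    med, mad = baseline[slot]
    # Floor the spread so a very flat history does not flag tiny changes.
    spread = max(1.4826 * mad, min_spread * med, 1.0)
    score = (mbps - med) / spread
    if score > threshold:
        return "surge"    # e.g. a DDoS-style spike
    if score < -threshold:
        return "trough"   # e.g. a holiday morning
    return "normal"

def constructed_history(start, weeks=4):
    """Constructed sample data: hourly Mbps, busy 08:00-18:00 Monday to Friday."""
    out = []
    for h in range(weeks * 7 * 24):
        ts = start + timedelta(hours=h)
        busy = ts.weekday() < 5 and 8 <= ts.hour < 18
        level = 800.0 if busy else 150.0
        drift = 1 + 0.03 * ((h // 168) - 1.5)  # small week-to-week variation
        out.append((ts, level * drift))
    return out

if __name__ == "__main__":
    base = build_baseline(constructed_history(datetime(2024, 1, 1)))  # a Monday
    monday_10 = datetime(2024, 2, 5, 10)
    for reading in (820.0, 4000.0, 200.0):
        print(monday_10, reading, classify(base, monday_10, reading))
```

A "trough" or "surge" label only says the reading is outside the learned range for that weekday and hour; deciding whether it is a holiday or an attack is still the operator's call.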
