Network Performance: Active Monitoring? Passive Monitoring? How About Both?!

What’s better for network performance monitoring: active monitoring or passive monitoring?

Two types of monitoring are often discussed and considered to assure the performance of communications networks: active testing and passive testing. It’s common for these to be presented as an either/or choice, one being better than the other. Instead, we think that these are complementary technologies, and that indeed operators should be using both to get a full picture of what’s happening from overall network performance all the way down to application transaction-level activity to understand the end-user experience.

Active monitoring: precise, targeted, real-time… but yeah, it’s simulated

Let’s start with active monitoring, which is becoming more popular because of its “real-time” nature, and the fact that it’s always available; no need to wait for actual user traffic. These features are becoming increasingly important to help operators differentiate on quality of experience (QoE) in the face of increasingly complex mobile networks. Also known as synthetic monitoring, this method simulates the network behavior of end-users and applications, tracking activity at regular intervals (as fast as thousands of times a second) to determine metrics like availability or response time. It’s precise and targeted—well-suited for real-time troubleshooting and optimization.

Active synthetic monitoring is also useful for:

  • Segmenting the network, as well as providing an end-to-end view. (Some passive methods can do this too, but at a very large expense.)  
  • Validate servers and network paths before a service or application is committed to use them, or switched on using them.
  • Selecting alternate servers or network paths best suited to a specific service or application.
  • Discover and report on existing, varying paths taken by service and application traffic.

There are a few potential catches, though:

  1. Administrative burden. Increased network complexity may actually be a deterrent to using active monitoring, because of the management involved. An automated provisioning solution (aka self-provisioning) may be able to make this requirement manageable.
  2. It’s artificial. Because active monitoring uses simulated test traffic, it can never 100% reflect what is happening with real end-user application behavior and therefore the user experience. (Although it’s important to note that applications potentially change their behavior with every release, and active monitoring allows historical consistency by keeping the traffic pattern the same.) This is why operators also need passive testing.

Passive monitoring: low overhead, real traffic…. but yeah, it’s reactive

In contrast to the real-time, simulated nature of active monitoring, passive monitoring tracks actual (not synthetic/”artificial”) traffic over time—using specialized probes or built-in data capture capabilities on switches and other network devices—and reports on network resource usage. The observational nature of passive monitoring makes it ideal for predictive analysis using large volumes of data to identify bandwidth abusers, set traffic and bandwidth usage baselines, and mitigate security threats.

Also, in content delivery networks (CDNs), the ability to extract service names and report usage is paramount. With passive monitoring, it is possible to look into the payload and track a specific application using a given server. In other words, passive monitoring provides service inventory.

As with active synthetic monitoring, passive monitoring has its own set of limitations:

  • As network topology becomes more dynamic, discovery is becoming a necessity. This is only possible using active methods.
  • The more complex a network is, the more likely that passive monitoring, and the data it reports, won’t suffice to determine root causes or locations of performance issues.
  • Every application uses the network differently, reacts differently, and addresses different users with different QoE sensitivity. Any insight extracted for a given application may not be applicable to another application; it’s not a slam dunk.
  • Passive monitoring solutions must be constantly updated to reflect the changing nature of services.

Better together

So, in a nutshell: active synthetic monitoring is great for real-time performance statistics about specific network functions while also putting the overall network environment into context. And passive monitoring, while reactive in nature, is a useful source of historical data for predictive analytics.

Passive monitoring continues to play a role in managing and optimizing wireless networks, and always will. Yet, given the complex nature of mobile networks today and tomorrow, operators also need to use active testing for real-time, proactive, automated QoE optimization. These are complementary technologies; both are necessary for complete performance assurance and competitive differentiation.

A single deployment of Accedian’s Skylight™ performance monitoring solution can bring both methods into the fold. For example, the Skylight sensor control component performs active monitoring in the form of TWAMP, service activation testing (SAT), service OAM, and similar methods. Meanwhile, the flow broker capture function can feed data to Skylight cloud and on-premises sensors or another passive analyzer for predictive analytics, and flowmeter provides passive metering and reporting (classifying and counting packets in a very granular fashion). The virtualized (software-based) nature of Skylight streamlines all of this; a single remote module makes possible both active and passive monitoring.