Checking your network’s backbone with switch monitoring

Switch and port monitoring are indispensable components in a good network monitoring solution. Let’s see why, and how to monitor your switches.

What is a switch?

A network switch is a device that connects other devices together in a computer network. Here we are specifically discussing computer networks, but of course there are switches in other fields too. All operate in similar ways, by connecting different devices through their physical ports. Most computer network switches fall into one of two categories, data link layer and multilayer switches. The former use the MAC addresses of devices to direct traffic to the appropriate destination, while the latter can also use IP addresses.

Functionally, they do the same job: ensuring that a packet from a source reaches the right destination. This role need not be confined to a single network, as switches can also connect multiple networks.

Even non-Ethernet network types, such as Token Ring or Fibre Channel, can be united with a switch, in such cases a multilayer switch.

Switches are extremely common in networks and act as the backbone of network performance and reliability. It is therefore natural to implement a switch monitoring system to ensure the network’s overall stability. Monitoring switches lets you take the pulse of how well all of the switches in your network are functioning and alerts you to any malfunctions.

What is a switch port?

Switch ports are physical connections to which devices can be attached, and which connect to the network the switch operates on. In the vast majority of enterprise networks, these ports are Ethernet ones, which are also the most common in consumer-grade devices. Switches have multiple switch ports, in a number that varies from fewer than a dozen to multiples of ten. When more ports are needed, more switches can be added and possibly interconnected.

These ports are those that are monitored when implementing port monitoring, the subcategory of switch monitoring that takes care of checking how well the ports, not just the switches, work. As the actual traffic goes through switch ports, these cannot be ignored in the context of monitoring your infrastructure.

What are the types of switch ports?

There are many types of switch port, differing in the network technologies they support, their role in the network architecture, and their functionalities. Ethernet switches will have RJ45 connectors, while Token Ring switches have STP connectors. The family of SFP connectors is to be found on switches that support Gigabit Ethernet or Fibre Channel networks. Similarly, for other network technologies, switch ports will be physically different. Switches supporting more than one type of connector are common though.

Depending on the switch port’s role, we have access, trunk, and hybrid ports. Access ports give devices access to a single network, while trunk ports connect different networks. Hybrid ports play both roles. These roles are independent of a switch port’s physical form.

Furthermore, there are a few special types of switch ports with specific functionalities. A stack port is one used to connect other switches of the same model, brand, and switch software version. These are useful to increase the port capacity of a network as all the thus stacked switches will have a usable port number equal to the sum of the combined switches. PoE (Power over Ethernet) switch ports are capable of carrying data and power on a single port, saving physical space on the rear of switch hardware.

All of these various ports can be regularly checked in network port monitoring, with their collected metrics of course differing according to the ports’ roles and network technology.

Inventory of all ports of a switch

What is switch monitoring?

Switch monitoring is, simply, monitoring all of the switches in a network. ‘All’ is an important word here, since only by having a holistic view of the network is it possible to be aware of every issue, disruption, and misconfiguration. Switches are key components in any infrastructure, making network switch monitoring an indispensable tool in your overall network monitoring.

The term ‘monitoring a switch’ has a number of meanings. As switches are separate devices, with their own processes, switch software versions, hardware, and capabilities, they need to be monitored as you would any other host. Switch monitoring is therefore not only a way to monitor the traffic but also includes checking how each switch in a network is performing. Both the data that flows through a switch and the device itself are part of switch monitoring.

Switch monitoring with Checkmk of course allows you to monitor both the devices and the network traffic, as well as supporting port monitoring to also have switch ports under control. It is important to not exclude either component when implementing a switch monitoring solution.

How to monitor a switch

The king of switch monitoring is still SNMP. Through this protocol, widely supported by switch vendors, it is relatively easy to monitor all of your switches. SNMP can be used directly from a terminal, but these days user-friendly interfaces which include integrated SNMP commands have been implemented by many network monitoring tools.

Many switches, however, do not allow the installation of the third-party agents supplied with modern switch monitoring software, which limits the monitoring possibilities to SNMP. This does not mean that SNMP is the only way to monitor a switch. Network flow monitoring protocols such as NetFlow and sFlow are well-supported by switches, including those that forbid the installation of external agents. These protocols focus more on the sources and destinations of traffic going through the switches, which is clearly useful but not a complete view of how a switch is working. A mix of SNMP and a flow monitoring protocol, wrapped in a modern interface, is a more comprehensive method for switch monitoring.

Network monitoring with Checkmk includes all this, without forgetting the always vital network port monitoring that is crucial to implement when talking about switches.

Graphs of a switch interface in Checkmk

What to monitor on a switch?

What needs to be monitored on a switch? The general health of the switches themselves, their ports, and the overall traffic. Switch monitoring necessarily includes network port monitoring.

In practice this means the monitoring of a number of metrics. Firstly, the status of each switch port, whether it is active or inactive and why it became so, is important to have highlighted in your monitoring dashboard. Ports that are in use, but should not be, can be a potential security breach, while ports that should be functioning but are not may signal a malfunction or a misconfiguration. Network port monitoring can reveal both conditions.

Once the status of each switch port is known, it is necessary to know how they are performing. The bandwidth used by each port, along with their packet and error rates, needs to be constantly monitored. This information will tell the administrator how well each port is working, and if there is a possible hardware fault.

All network interfaces exposed to the switches need to be monitored as well. Here their bandwidth and general usage are two metrics that can alert you to possible problems.

Once ports and network interfaces are under observation, the switches themselves are the next matter. Their overall health, as in average CPU utilization, free memory, and operational temperature, is as important as the monitoring of the switch ports. Some of the problems highlighted by port monitoring may be caused by a faulty switch, or an overworked one. Collecting metrics on the switches and not just the ports will give you an optimal view of these network backbones.
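
The per-port metrics described above are not read from the switch directly: SNMP exposes ever-increasing counters, and the rates are derived from the difference between two polls. The following is an added example, not part of the original article or of Checkmk; it assumes the standard IF-MIB counters named in the comments, and the poll values are constructed.

```python
# Added example. The poll values below are constructed, not from a real switch.
from dataclasses import dataclass

COUNTER32 = 2**32  # modulus of ifInUcastPkts and ifInErrors
COUNTER64 = 2**64  # modulus of ifHCInOctets


@dataclass
class Poll:
    ts: float        # poll time in seconds
    in_octets: int   # ifHCInOctets
    in_pkts: int     # ifInUcastPkts (unicast only, a simplification)
    in_errors: int   # ifInErrors


def delta(new: int, old: int, modulus: int) -> int:
    """Counter difference that stays correct across one wrap-around."""
    return (new - old) % modulus


def port_metrics(prev: Poll, cur: Poll, speed_mbps: int) -> dict:
    """Bandwidth use, packet rate and error rate between two polls."""
    secs = cur.ts - prev.ts
    if secs <= 0:
        raise ValueError("polls must be in chronological order")
    octets = delta(cur.in_octets, prev.in_octets, COUNTER64)
    pkts = delta(cur.in_pkts, prev.in_pkts, COUNTER32)
    errs = delta(cur.in_errors, prev.in_errors, COUNTER32)
    received = pkts + errs  # errored packets are not counted in ifInUcastPkts
    return {
        "utilization_pct": round(100 * octets * 8 / secs / (speed_mbps * 1e6), 2),
        "packets_per_s": round(pkts / secs, 1),
        "error_rate_pct": round(100 * errs / received, 3) if received else 0.0,
    }


# Constructed polls 300 s apart on a 1 Gbit/s port; in_pkts wraps past 2**32.
PREV = Poll(ts=0, in_octets=1_000_000_000, in_pkts=4_294_967_000, in_errors=10)
CUR = Poll(ts=300, in_octets=8_500_000_000, in_pkts=5_993_704, in_errors=6_010)

if __name__ == "__main__":
    print(port_metrics(PREV, CUR, speed_mbps=1000))
```

A counter reset after a switch reboot looks like a wrap to this calculation; comparing sysUpTime between the two polls distinguishes the two cases.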

Advantages of switch monitoring

Switch monitoring offers a number of advantages. Primarily, knowing how all the switches are performing in your network will help you in capacity planning. Monitoring each switch takes the pulse of a critical part of the network infrastructure; if any switch is overloaded or failing, you may know in advance through the switch monitoring.

If any of a switch’s ports, or all of the ports on a specific switch, are constantly using up all of the bandwidth, it may be a signal that a node in your network is in need of upgrading or that a rogue user or service is gobbling up all of the traffic. Without network switch monitoring it would be impossible to know about such situations.

Whether a switch is overloaded or failing, monitoring switches will help you know about it beforehand. This is not solely ‘good to know’ information, but can help you prevent network disruptions that can cost time and money. Monitoring each switch and being alerted about unusual usage or errors is the only way to act in advance, before a switch fails altogether or starts to cause service interruptions.

Port monitoring can do the same, and inform you if any switch needs to increase its number of ports. Capacity planning for switch ports is as important as for the complete switches.

Lastly, switch port monitoring can increase the security of your network. Knowing which ports are in use and need to be enabled, and which are unused, means that a network administrator can block the latter, preventing any potential unauthorized use. In enterprise networks you can never be too safe, and switch monitoring can be of help here too.

Graph of CPU utilization on a switch

What are the challenges of switch monitoring?

Monitoring the great number of switches and ports on a network is always challenging. Tens, even hundreds, of ports all have their own, quickly changing, statuses. Traffic through switches is never static and fluctuates all the time. This can lead to a few challenges.

Ports, and in particular access ports, pose a high risk of generating a flow of false positives. This is because access ports are normally used by users to connect to the network, and their terminals are shut down without notice when their job is done. The switch monitoring software sees this as a port suddenly going offline, which triggers an alert. Of course, it is normal behavior, but unless it has been properly pre-configured, the monitoring tool cannot know this. Switch monitoring is not implemented without a configuration, and one of its challenges is to set the monitoring up properly at the beginning.

This also includes taking all of the switch ports to be monitored into consideration. A normal port scan is usually not sufficient, as some ports may be momentarily offline during the scan and thus be excluded from the monitoring. These ports will go online sooner or later, but if they are not manually added to the monitoring system, you will not notice them. Again, pre-configuration is necessary.

Monitoring a switch therefore presents a few challenges that can often be solved by the right configuration. In enterprise networks it is however impractical to manually set up each of the multitude of ports across all of the switches. Instead, a monitoring solution that works with a rule-based configuration can show its strength in switch port management. Rules enable the administrator to define a policy for monitoring in a few simple steps and then, for example, to monitor only the error rate of all access ports. Network monitoring with Checkmk is rules-based and fits as the right solution to the challenges of switch and port monitoring.
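
A rule-based evaluation of this kind can be sketched as follows. This is an added example, not Checkmk's rule engine or code from the original article; the port roles, port names, thresholds, state names and poll data are all constructed. Access ports going down stay quiet, trunk ports going down alert, and a port documented as unused that shows a live link is flagged for the administrator.

```python
# Added example. Roles, port names, thresholds and poll data are constructed.
RULES = {  # one rule per port role instead of one setting per port
    "trunk":  {"up": "OK",   "down": "CRIT", "max_err_pct": 0.1},
    "access": {"up": "OK",   "down": "OK",   "max_err_pct": 1.0},
    "unused": {"up": "CRIT", "down": "OK",   "max_err_pct": None},
}

# Documented inventory, kept independently of what a scan happens to find.
INVENTORY = {
    "Gi1/0/1": "trunk", "Gi1/0/2": "access", "Gi1/0/3": "access",
    "Gi1/0/4": "unused", "Gi1/0/5": "trunk",
}

# One poll: link state plus the error rate measured since the previous poll.
POLLED = {
    "Gi1/0/1": {"oper_up": True,  "err_pct": 0.0},
    "Gi1/0/2": {"oper_up": False, "err_pct": 0.0},   # user switched PC off
    "Gi1/0/3": {"oper_up": True,  "err_pct": 2.5},
    "Gi1/0/4": {"oper_up": True,  "err_pct": 0.0},   # should be unused
    "Gi1/0/5": {"oper_up": False, "err_pct": 0.0},
    "Gi1/0/6": {"oper_up": True,  "err_pct": 0.0},   # not documented
}


def evaluate(inventory: dict, polled: dict) -> dict:
    """Return {port: (state, reason)} by applying the role rules."""
    findings = {}
    for name, role in inventory.items():
        obs, rule = polled.get(name), RULES[role]
        if obs is None:
            findings[name] = ("UNKNOWN", "inventoried port missing from poll")
        elif not obs["oper_up"]:
            findings[name] = (rule["down"], f"{role} port link down")
        elif rule["max_err_pct"] is not None and obs["err_pct"] > rule["max_err_pct"]:
            findings[name] = ("WARN", f"error rate {obs['err_pct']}% over limit")
        else:
            findings[name] = (rule["up"], f"{role} port link up")
    for name in sorted(polled.keys() - inventory.keys()):
        findings[name] = ("WARN", "port seen on switch but not in inventory")
    return findings


if __name__ == "__main__":
    for port, (state, reason) in sorted(evaluate(INVENTORY, POLLED).items()):
        print(f"{port:8} {state:7} {reason}")
```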

FAQ

What is a switch monitoring tool?

A network switch monitoring tool is software that allows administrators to monitor a switch. It often includes network switch management capabilities, which also allow experts to configure switches. These tools may be cloud or on-premise, and generally include port monitoring and network flow monitoring features. Most are paid solutions, but free versions exist, such as the Checkmk Raw Edition or the Checkmk Free Edition.

What do bandwidth, packet and error rates mean?

Bandwidth, or network bandwidth to be precise, is the maximum rate of data transfer across a given path, for example, through a switch port. Packet rate is the number of packets per second that move over a network, at a specific point in the network. This may be, again, a switch port or the whole switch. Error rate is the proportion of packets containing one or more errors that have been received over a network.