There are two distinct types of visualizations and I'll provide my opinion about both, i.e. real-time and static. Unluckily, there is no network management vendor who really provides a decent visualization. In reality the best I have seen was dated pre-1995, written as a DOS application by Madge Networks. It provided real-time visualization of source routed spanning tree networks. It was a great tool in troubleshooting problems in token-ring networks, and displayed bubble, stick and lollipop diagrams. (Damned if I can remember the name of the app!)
I have specified two types of visualizations as each serves as different functional requirement. The real-time visualization is useful when the !@#$%^ has hit the fan, and the static visualization is useful to prevent the !@#$%^ from hitting the fan.
The best visualization is RADAR. This type of visualization has been around since WWII, but hasn't found it's way into a network management product. The basic idea is there, see this post about the history of ping, but a product to fully emulate radar in networks has not been done.
Radar as used in air traffic control provides height, speed, direction and location to a controller. The controller also creates on his scope a depth by stipulating the radius being monitored. Importantly, radar does not monitor all aircraft. It sequentially scans the skies.
How does a network radar look:
- the controller determines the depth by stipulating the maximum latency to a network device that will appear on the scope.
- the height of the network devices are the aggregated packet / byte count for the designated monitoring period.
- the speed of the network device is the packet / byte rate at the time of the poll.
- the location is the IP address which also determines the radius on which the network device appears.
- the direction of the network device is the direction of the single biggest flow, with the direction being determined by the IP address.
The best static visualizations are street maps. The routers are the roads, the links are the buildings, the campuses are the office parks, and the traffic load determined the height of the building.
Routers that are directly connected to each other are represented as cross roads.
How does a network street map look like:
- the width of the road is determined by the router's processing ability.
- the size of the building is determined by the link's speed.
- the height of the building is determined by historic traffic load.
- colour is used to designate topology types.
There is a related blog post, taking the theme further using auralization (visualizations using sound.)