Skip to main content

Network visualizations

Many moons ago on the Netcordia blog, I read an interesting blog by Terry about useful visualizations. This triggered my thoughts about network visualization.
There are two distinct types of visualizations and I'll provide my opinion about both, i.e. real-time and static. Unluckily, there is no network management vendor who really provides a decent visualization. In reality the best I have seen was dated pre-1995, written as a DOS application by Madge Networks. It provided real-time visualization of source routed spanning tree networks. It was a great tool in troubleshooting problems in token-ring networks, and displayed bubble, stick and lollipop diagrams. (Damned if I can remember the name of the app!)
I have specified two types of visualizations as each serves as different functional requirement. The real-time visualization is useful when the !@#$%^ has hit the fan, and the static visualization is useful to prevent the !@#$%^ from hitting the fan.

Real-time visualizations
The best visualization is RADAR. This type of visualization has been around since WWII, but hasn't found it's way into a network management product. The basic idea is there, see this post about the history of ping, but a product to fully emulate radar in networks has not been done.
Radar as used in air traffic control provides height, speed, direction and location to a controller. The controller also creates on his scope a depth by stipulating the radius being monitored. Importantly, radar does not monitor all aircraft. It sequentially scans the skies.
How does a network radar look:
  • the controller determines the depth by stipulating the maximum latency to a network device that will appear on the scope.
  • the height of the network devices are the aggregated packet / byte count for the designated monitoring period.
  • the speed of the network device is the packet / byte rate at the time of the poll.
  • the location is the IP address which also determines the radius on which the network device appears.
  • the direction of the network device is the direction of the single biggest flow, with the direction being determined by the IP address.
Static visualizations
The best static visualizations are street maps. The routers are the roads, the links are the buildings, the campuses are the office parks, and the traffic load determined the height of the building.
Routers that are directly connected to each other are represented as cross roads.
How does a network street map look like:
  • the width of the road is determined by the router's processing ability.
  • the size of the building is determined by the link's speed.
  • the height of the building is determined by historic traffic load.
  • colour is used to designate topology types.

There is a related blog post, taking the theme further using auralization (visualizations using sound.)


Popular posts from this blog

LDWin: Link Discovery for Windows

LDWin supports the following methods of link discovery: CDP - Cisco Discovery Protocol LLDP - Link Layer Discovery Protocol Download LDWin from here.

easywall - Web interface for easy use of the IPTables firewall on Linux systems written in Python3.

Firewalls are becoming increasingly important in today’s world. Hackers and automated scripts are constantly trying to invade your system and use it for Bitcoin mining, botnets or other things. To prevent these attacks, you can use a firewall on your system. IPTables is the strongest firewall in Linux because it can filter packets in the kernel before they reach the application. Using IPTables is not very easy for Linux beginners. We have created easywall - the simple IPTables web interface . The focus of the software is on easy installation and use. Access this neat software over on github: easywall


#!/bin/bash # # usage <configuration file> # eg: /etc/ipset-threatblock/ipset-threatblock.conf # function exists() { command -v "$1" >/dev/null 2>&1 ; } if [[ -z "$1" ]]; then   echo "Error: please specify a configuration file, e.g. $0 /etc/ipset-threatblock/ipset-threatblock.conf"   exit 1 fi # shellcheck source=ipset-threatblock.conf if ! source "$1"; then   echo "Error: can't load configuration file $1"   exit 1 fi if ! exists curl && exists egrep && exists grep && exists ipset && exists iptables && exists sed && exists sort && exists wc ; then   echo >&2 "Error: searching PATH fails to find executables among: curl egrep grep ipset iptables sed sort wc"   exit 1 fi DO_OPTIMIZE_CIDR=no if exists iprange && [[ ${OPTIMIZE_CIDR:-yes} != no ]]; then   DO_OPTIMIZE_CIDR=yes fi if [[ ! -d $(dirname &q