When you put Auvik on a network for the first time, the software automatically starts monitoring that network for more than 40 potential issues.
When Auvik finds an issue, it triggers an alert. Network alerts range in severity from emergency at the top all the way down to informational.
As you work with Auvik, you may see a lot of alerts coming your way. It’s obvious you need to deal with the emergency and critical network alerts. But what about the simple warnings and informational alerts?
Your first impulse may be to turn them off or turn them down. But wait!
These warnings shouldn’t be dismissed so quickly. In particular, I want to look at three fairly common warning alerts that could be pointing you to a bigger issue that’s brewing:
Network Alerts: There’s something going on here
If you’ve left the default thresholds for these three alerts, you’ll see notifications when:
- More than 10,000 packets have been discarded on a device within 5 minutes
- More than 10,000 packet errors have occurred on a device within 5 minutes
- Interface utilization on a device is over 80%
And if you look at the Auvik Knowledge Base articles for these alerts, you’ll see there are a lot of possible culprits—we list 23! For example, the alerts could be caused by:
- Misconfigurations that have existed for years but are finally being exposed
- Changes that were made to the network without your knowledge
- A poorly sized network connection that’s now reaching its limits
- A hardware or wiring issue, like an Ethernet cable that someone stretched just an inch too far
These are not things that should be ignored for too long. An unanticipated change to the network could create a rippling set of problems over time. A stretched cord is a big accident just waiting to happen.
Now’s your chance to deal with the issue when it’s still small.
Searching for root cause
So now what?
First, take a breath. Now let’s ask some questions to see if we can narrow the search:
- Is there only one alert that’s occurring, or are you seeing multiple different alerts that may be related?
- What types of devices are alerts affecting? Are the alerts limited to one interface or one device, or are they affecting devices across the network?
- What patterns do you see? Are there alerts that trigger every day at the same time? Or does the alert get triggered on the hour every hour? Some patterns are harder to see than others but try to take a high-level view to spot the trends.
- Did you get any client calls that coincided with the alerts? Maybe something about a dropped VoIP call, a laggy Wi-Fi connection, or a web page taking forever to load?
The answers will hopefully start to point you in the right direction. But alerts don’t always paint the whole picture, and now we may need to dig deeper to identify the root issue.
Look for changes. Did the configuration on the network recently change? Check device configuration history in Auvik for anything recent.
Look for misconfigurations. Did Auvik also alert you about a potential misconfiguration somewhere, such as an interface duplex mismatch or a VLAN with no interfaces?
Look externally. This is an especially good place to look when dealing with a client who uses many external applications or if the alerts come with a complaint that the internet is slow. It may an ISP issue. Use Auvik to check on ISP performance.
Making the fix
Once you’ve tracked down a cause and isolated a culprit, it’s time to put a fix in place. Ultimately, the resolution will vary based on what you’ve identified through your troubleshooting.
Keep in mind there may be multiple issues at play, and you may not resolve the issue completely in the first attempt. That’s OK—rinse and repeat based on the new evidence until you’ve got nailed.
Finally, if you’ve tried everything and haven’t uncovered the cause, don’t give up. If nothing else works, remember that data doesn’t lie. You might need to spin up a packet capture tool like WireShark and collect the traffic itself. The cause will be in there somewhere.