Are there any monitoring tools that can monitor my network all the way from Layer 1 up to Layer 7?
From your question, I'd guess that this is second nature to you, but just as background, OSI is from ISO -- that is, the Open System Interconnection (OSI) basic reference model, which was created by the International Organization for Standardization (ISO).
The OSI seven-layer model is an anchor often used for understanding the structure of network architecture. However, there are many contemporary network protocols that do not neatly fit into those seven layers. TCP/IP, managed by the Internet Engineering Task Force (IETF), runs through the synapses of the Internet. And IETF has never felt compelled to make TCP/IP conform to the OSI model.
From the perspective of monitoring, anchoring best practices on the OSI seven-layer model can be extremely useful. For reference, here are the seven layers:
- Application layers (the upper layers)
  - 7 - Application layer
  - 6 - Presentation layer
  - 5 - Session layer
- Data transport layers (the lower layers)
  - 4 - Transport layer
  - 3 - Network layer
  - 2 - Data link layer
  - 1 - Physical layer
Layer 1, the physical layer, is most apparent in patch panels. There are wireless physical layer protocols, too. Generally, a problem in the physical layer is, well, a physical problem. The most obvious is a disconnected cable, but backhoes, floods, and sunspots can also disrupt the physical layer. Monitoring at this level is often overlooked or considered impractical: enabling intelligence into the physical connections can be expensive since there are a lot of them. (There's one under my foot right now!) Managed patch panels generate data that can be integrated into monitoring systems.
At Layer 2, the data link layer, the raw bits that traverse the physical layer are organized into logical structures called frames. Layer 3, the network layer, is where ICMP and IP among other protocols take shape. At Layer 4, the transport layer, TCP is implemented, as are UDP and NetBEUI, and many more. Monitoring systems for these layers are prolific, in both commercial products and open source projects.
Many monitoring system implementations address only the lower layers. In many respects this is monitoring 101 -- if the lower layers don't work, nothing else will work. But just because the lower layers are working, it doesn't mean you can run your business. And even if your business is running, it doesn't mean your customers are happy.
Monitoring in the upper layers is necessary to support meaningful, business-oriented service level agreements. The best approach is sometimes called "end user application monitoring," in which the actions of a user are simulated by the monitoring system, and the response time and content of the target system are compared to thresholds. Errors, timeouts, or specific content can trigger messages to the monitoring system. There are both commercial and open source solutions that reach into the upper layers.
The one-word answer to your question is "yes," there are monitoring systems that can help you from Layer 1 all the way up to Layer 7. Getting all the way to the bottom and all the way to the top can feel like the last mile in a marathon. It takes careful planning and good engineering to implement monitoring mechanisms that are effective in troubleshooting, as well as remaining resilient to the inevitable changes that occur in the real world. But the commercial and open source tools available provide the structures you need to succeed.
This was first published in September 2007
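The "end user application monitoring" described in the answer, as an added example that is not part of the original column: a Python probe that requests a page as a user would and classifies the result by errors, timeouts, content and response time. The demo server, its paths, the "Welcome" marker and the thresholds are constructed for illustration.

```python
import http.server, socket, threading, time, urllib.error, urllib.request

# Talk to the target directly, ignoring any proxy set in the environment.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def check(url, must_contain, max_seconds, timeout=2.0):
    """Simulate one user request and return (status, elapsed_seconds)."""
    start = time.monotonic()
    try:
        with OPENER.open(url, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:   # server answered with 4xx/5xx
        return f"HTTP_{exc.code}", time.monotonic() - start
    except OSError as exc:                  # URLError and socket timeouts
        reason = getattr(exc, "reason", exc)
        timed_out = isinstance(reason, (socket.timeout, TimeoutError))
        return ("TIMEOUT" if timed_out else "UNREACHABLE"), time.monotonic() - start
    elapsed = time.monotonic() - start
    if must_contain not in body:            # right status code, wrong page
        return "CONTENT_MISMATCH", elapsed
    return ("SLOW" if elapsed > max_seconds else "OK"), elapsed

class DemoApp(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for the monitored application."""
    def do_GET(self):
        if self.path == "/slow":
            time.sleep(0.3)
        body = b"Maintenance page" if self.path == "/wrong" else b"Welcome, demo user"
        self.send_response(500 if self.path == "/broken" else 200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):           # keep the demo output quiet
        pass

def start_demo_server():
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), DemoApp)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}"

if __name__ == "__main__":
    srv, base = start_demo_server()
    for path in ("/", "/wrong", "/broken", "/slow"):
        status, elapsed = check(base + path, "Welcome", max_seconds=0.1)
        print(f"{path:8} {status:17} {elapsed:.3f}s")   # would feed the alerting system
    srv.shutdown()
```

The `/wrong` case is the one lower-layer monitoring misses: the connection and the HTTP status are both healthy, and only the content comparison shows the user is not getting the expected page.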