• Check Point
  • What AWS Outages Can Teach Us About Network Capacity Planning

What AWS Outages Can Teach Us About Network Capacity Planning

Network capacity planning is the ongoing process of determining that a network has the resources it needs to prevent an impact on business-critical applications. It is generally done to identify potential shortcomings, misconfigurations, or other parameters. These shortcomings can affect the network’s performance or availability within a predictable future time. 

One of the recent AWS outages that affected websites and users around the world was caused by capacity issues. The incident reminded us of how crucial network capacity planning is to service availability and business continuity. A wide range of Amazon services such as Prime Video, Alexa and Ring were impacted for many hours. High profile customers such as Facebook and Disney Plus saw downtime or significant performance degradation due to a large surge of connection activity that overwhelmed the network devices causing communication issues. 

Incidentally, our 2021 firewall survey also suggested that capacity issues were very common among organizations. 39% of network engineers said that they had experienced capacity issues in the past two years. In this blog post, we’ll delve into the type of network capacity issues and how Indeni helps you with network capacity planning. 

Firewall Capacity Planning

Firewall capacity planning is the process of determining that a firewall has the resources it needs to prevent an impact on business-critical applications. Whether you’re ensuring that there is enough bandwidth connected to the Internet or the firewall has sufficient resources to support the connections, you leverage capacity planning to identify shortcomings, misconfigurations, or other parameters that could affect the performance of a firewall within a forecasted timeframe.

Firewall Capacity Planning Best Practices

The basic outline of core capacity planning tasks is very straightforward. You just need to routinely work out the following three key tasks:

Collecting capacity-related information and storing historical data are essential. The key to capacity planning is to be able to set the level of granularity of reporting on key metrics and review them regularly. Formulating a custom report and email on a recurring basis can help you make capacity planning a routine.

Establishing a baseline is another key task. Baselining allows you to plan and complete upgrades before a capacity problem causes performance degradation. It is important to review the information regularly in order to identify the performance profile of individual devices. 

You will be expected to add on new applications and users. Getting a baseline upfront helps you implement any new requirement as the business evolves. By routinely recording the throughput of your firewalls will simplify future capacity planning exercises. 

Key Metrics for Firewall Capacity Planning 

System Resources

Performance problems are usually related to capacity, typically problems stem from the CPU and memory. You should be evaluating resource utilization during successive time periods and view resource utilization parameters for the last hour, last x-hour, day, week, month and year.

Bandwidth

Organizations trying to get ahead of capacity challenges can create these bandwidth usage reports to easily identify and track bandwidth trends over time. 

Concurrent Connection Counts

It is also important to track the number of users at all times to maintain stability. Indeni continuously assesses the number of concurrent connections against automatically-learned limits for the firewall. 

Proactive Notification to Track Trends

The ability to generate proactive notifications can provide advance warning for capacity limits. These notifications are the key to keeping your devices up and running. You want to create thresholds for key metrics using customizable performance metric values to alert you when metric levels cross threshold values. For example, one of the popular notifications is our ability to notify you whenever the concurrent connection count is approaching the device limit. 

Misconfigurations Cause Capacity Issues

Misconfiguration can cause unexpected capacity problems. It is possible that you may have accidentally disabled features that increase the performance of the firewall. For example, Check Point CoreXL and SecureXL are acceleration solutions that can cause significant performance degradation if inadvertently disabled. The ability to identify misconfigurations that could affect throughput of a device is an important element of capacity planning. Indeni has many built in notifications to catch capacity impacting misconfigurations. 

Summary

Network capacity planning is critical for business continuity and optimal application performance. Resource monitoring and capacity planning are two ongoing activities that go hand-in-hand. Indeni captures the very detailed network telemetry on your devices so you can start to plan for the future. To see what Indeni can do to improve how you can manage your capacity planning, sign up for a free trial today.

BlueCat to acquire LiveAction

BlueCat adds LiveAction’s network observability and intelligence platform, which helps large enterprises optimize the performance, resiliency, and security of their networks.