Identifying network traffic types is vital because it allows you to consider various facets of network quality. Though people use multiple classifications and terms to define network traffic, it’s broadly classified by direction, such as north-south or east-west traffic.
Typically, network traffic represents the data or packets of data that travel through one or more computer networks at a given time. However, there are many other ways of looking at network traffic, primarily driven by their use cases and applications.
For instance, some network traffic types are categorized based on whether or not they are suitable for real-time applications—and you’ll recognize that most common web applications fall under this umbrella.
In practice, real-time network types can offer the following services:
- Live streaming on platforms such as YouTube
- Gaming and online multiplayer programs
- Voice over Internet Protocol (VoIP) services and platforms such as Skype
- Web hosting (HTTP) and secure browsing (HTTPS)
- Executing SSH using bash terminal services
Alternatively, people primarily use non-real-time traffic for things like file downloads from browsers (HTTP downloads), torrents (Bittorrent), and NNTP news servers.
Network traffic and its impact on business operations
Network traffic types impact various metrics for businesses, especially elements related to QoS (Quality of Service), such as packet loss, jitter, and latency—which can affect usability, download speeds, and overall user experiences.
Businesses can also benefit from grouping network traffic because it makes it easier to analyze key performance indicators (KPIs) and diagnose common issues using web analytics as they arise.
Another way to categorize network traffic is according to the type of data transmitted, namely voice, video, or data.
Lastly, there’s also a categorization of best-traffic, which provides packets with consistent consideration, whether their priority levels call for it or not.
In other words, there is no one-size-fits-all way to look at network traffic, so it’s worthwhile for businesses to understand how it works through the lens of north-south, east-west, voice, video, and best-effort traffic.
How Network Traffic Works
A computer network consists of a collection of machines and devices called nodes (which are computing devices like IoT, servers, modems, and printers), along with the paths that link those nodes together. The benefit of a network, then, is to allow many computers to communicate with each other seamlessly.
Network traffic is essentially the data being sent from one location to another between source and destination devices. However, this data isn’t sent all at once. Instead, the network breaks it up into smaller batches known as data packets. This step makes the transmission process more efficient and reliable, especially when large files are involved.
Data packets represent units of data that constitute the network’s workload. Each packet comes with a header and a payload that contains the data meant for transfer. These packet headers act as metadata (including host and destination address information) that’s necessary to process the content.
A classic example of a network is the internet—a dispersed network of public and private IT infrastructure, linked computers, and devices that facilitate global communications.
Routing and path selection
There are different paths that network communications can take between nodes.
For effective network communication, data packets should be taking the best routes to ensure the traffic is spread evenly. This process of route selection is known as routing—believe it or not.
Path selection is vital during routing because it ensures that the most efficient path in the network is selected and used. To select the best path, routing uses predefined, predetermined rules and analyzes network metrics such as website speed, capacity, and delay.
Keep in mind that any lack of efficient and effective routing can result in network communication failures, creating worse user experiences with longer wait times for web pages to load.
Successfully implementing network routing requires a network router—believe it or not (again).
The primary work of a router is to ensure a smooth flow of data packets throughout the network. The router uses the header in the data packet to determine its destination, and network traffic is switched/routed across multiple devices until they are reassembled by the receiving device.
In addition to route selection, routers also perform data forwarding and load balancing functions. With data forwarding, the router passes data to the next device along a chosen path to its destination.
Load balancing, on the other hand, maintains adequate traffic volume so the network isn’t overwhelmed. Routers do this by implementing redundancy and sending copies of the same data packets to different paths.
Quality of Service (QoS)
QoS is a pivotal mechanism for managing and administering network quality, helping to reduce packet loss, jitter, and latency—including determining traffic transmission priority. QoS is also instrumental in prioritizing and allocating sufficient bandwidth to critical network traffic.
Understanding the correct QoS resources your applications require is important for optimal and predictable operation. Without adequate QoS control, your network data can easily become clogged and disorganized, risking performance degradation and even network shutdown.
Furthermore, organizations with poor QoS face additional risk of compromising their data integrity and security. Thus, it’s vital for companies to ensure they meet the voice, video, and delay-sensitive data requirements of the services and applications that occupy their network.
The Most Common Network Traffic Issues and How to Resolve Them
Understanding the issues, terms, and challenges that affect the network performance of each network type is fundamental for troubleshooting and improving them.
Network traffic travels in data packets. When you visit a webpage, for example, you receive a series of packets that allow you to access and view its contents. A packet typically has about 1,000 to 5,000 bytes of data.
Packet loss occurs when one or more packets fail to reach their destination, ultimately leading to performance degradation due to latency, bottlenecks, and other delays. Ideally, packet loss should stay under 1%.
Data packets are the currency of network traffic, and latency measures the time it takes a packet to travel from its source to its intended destination. In practical terms, it is the speed at which data travels, so checking it gives you a sense of the delay in your network communications.
Ideally, network latency should be as close to zero as possible, but practically, it shouldn’t exceed 150 milliseconds (ms) for VoIP communications.
Network jitter represents a variance, difference, or change in the amount of latency. In other words, it is the amount of time between when a signal is transmitted and when it is received.
Jitter often manifests as an abrupt disruption or time delay in your network connection, especially when it’s over, say, 30 milliseconds.
Some of the factors that can cause a network to become jittery include the following:
- Hardware problems
- Poor network capacity
- Network congestion
- Bad routing or route changes through networks
- Lack of packet prioritization
Jitter ultimately results in poor audio/video quality, typically identified by the following symptoms:
- Dropped packets and choppy calls
- Glitchy-sounding audio and blurry videos
- Buffering and video interruptions
- Background noises such as static or humming
While latency measures the time a data packet travels from one endpoint to another, bandwidth measures its capacity to do so. In practical terms, it reflects the capacity of a network to transmit or transfer a given maximum amount of data between two links or connection points, generally measured in bits per second (bps).
You can leverage the knowledge of QoS so your router can use bandwidth effectively to boost network quality, especially by providing high-priority applications with the required resources. One of the ways to do so is to place different traffic types in various queues and then configure your router to optimize bandwidth to meet appropriate service levels.
While bandwidth measures network capacity, throughput captures the amount or rate of data transmitted successfully through a network.
In other words, bandwidth simply measures network potential, informing you how much data could theoretically be transferred at any given time. Alternatively, throughput is more empirical, indicating how much data is actually transferred.
6 Types of Network Traffic
Once again, network types are broadly classified based on various factors, such as the direction in which their data packets flow, or the kind of traffic that passes through the network.
Description: In practical terms, the traffic that flows between a client and a server is externally oriented, meaning it moves from an internal data center to an external client (and the rest of the network outside the data center’s perimeter).
As a result, north-south refers to traffic that enters and exits a network. It points to a vertical direction flow, typically emanating from an organization’s IT infrastructure to a system—or to an endpoint that physically resides outside the network.
Traditionally, southbound traffic is data entering an organization’s data center, probably through a firewall, router, or network perimeter device. Likewise, data leaving the data center is called northbound traffic.
Main Purpose: North-south traffic facilitates external client-server communications that drive the core of modern digital infrastructure and communications like the internet and cloud-based applications.
Main Benefits: North-south traffic has grown astronomically with the advent of cloud computing systems and applications. As a result, the focus on north-south traffic has made organizations more vigilant at the ingress/egress point of data centers. This means there’s an increased urgency for validating external client requests, improving data privacy, and protecting intellectual property.
Limitations/Problems: While this network traffic is effective for data transfer, its access to data from the outside world makes it more susceptible to security threats. Therefore, north-south network traffic is inherently more risky because it flows from outside of the corporate perimeter.
As a result, a network configuration like this requires close monitoring of incoming and outgoing traffic. It calls for investment in firewalls, virtual private networks (VPNs), and intrusion detection systems to mitigate malware, ransomware, and privacy issues.
Example: Any executive at a corporate office or engineer at a data center is likely to need access to relevant documents from their organization’s cloud account to do their jobs. To accomplish this, they can use an interface or app that allows them to log in remotely—thus utilizing an external client-server connection.
Description: While north-south traffic is external in nature, east-west traffic is internal. The name was inspired by its horizontal or lateral nature, which you’ll often observe in traditional diagrams of local area network (LAN) traffic.
East-west traffic data packets originate, move, and terminate within the closed-loop servers of a data center. The most straightforward configuration for this consists of two hosts in the same subnet communicating with each other. However, another example of east-west traffic is when multiple routers on the same corporate network exchange table translation information to facilitate the seamless movement of data packets within the system.
Main Purpose: The majority of traffic that traverses a data center is east-west. Since this traffic occurs within network segments between connected devices, it has been a big driver of cloud computing-related technologies such as virtualization and the Internet of Things (IoT).
Additionally, since east-west involves a business’s internal traffic, it also provides insight into how to connect to internal applications.
Main Benefits: East-west traffic mainly constitutes internal data that flows within the walls of traffic, so it is ideal for cloud computing environments.
It provides network administrators with advanced network visibility down to a granular workload to block the lateral movement of malicious actors, and it helps contain data breaches within a network.
With east-west traffic, you can leverage micro-segmentation to reduce the attack surface of your applications and protect high-value targets. Since you are more in control of the east-west traffic within your data centers, this network segmentation allows you to isolate them into logical units and contain potential outbreaks. Subsequently, you can tailor individual security policies for these segments.
Limitations/Problems: Thanks to organizational preferences for private cloud infrastructures and increased usage of virtual machines, the east-west type of network traffic is now the largest one. However, it can’t always be trusted by default simply because it occurs inside the network perimeter.
Moreover, internal systems and devices that carry vast volumes of data across many potential paths make security challenging. This requires organizations to invest in zero-trust security segmentation.
Example: The most typical example of east-west traffic is when a client machine communicates with a server on the same LAN system in the data center. A server connected to other servers on the same site that’s used for backup and redundancy purposes also constitutes east-west traffic.
Description: This kind of network tries to deliver packets quickly and fairly with an impartial approach. Therefore, best-effort traffic does not necessarily reflect the highest or top network quality—it simply does its best to deliver traffic in the most effective way possible.
As a QoS model, best-effort traffic provides the same network priority level, with all packets receiving the same status—albeit without guaranteed delivery.
In other words, the traffic isn’t deemed or considered by internet service providers to be sensitive or detrimental to QoS metrics.
Therefore, best-effort traffic doesn’t guarantee effective data delivery but bases its service on available network conditions. Consequently, it doesn’t assume anything about the state of the network, so data packets are simply forwarded in the order they arrive at the router.
Best-effort traffic rules get applied when the network administrator hasn’t made any explicit QoS configuration or policies. Networks also end up using best-effort traffic when the underlying network infrastructure doesn’t support QoS.
Main Purpose: Networks use best-effort traffic to treat packets as fairly as possible, ultimately trying to deliver traffic as quickly as possible without giving preferential treatment to any class of packets.
Accordingly, best-effort traffic is the default model on the internet. It is also the most common traffic type applied to most network applications—though not the largest one.
Main Benefits: Best-effort’s non-preferential treatment of packets provides predictability and a degree of guaranteed service. It aims to maximize the potential of available network resources according to the network capacities. Best-effort traffic operates with maximum efficiency and is highly scalable because the network isn’t burdened with recovering lost or corrupted packets.
Furthermore, in addition to being efficient, it is also cost-effective, providing reliable service while guaranteeing constant bandwidth—meaning no service will be interrupted because the network is overloaded.
Limitations/Problems: For some applications, best-effort traffic isn’t good enough. This is because a particular class of applications requires superior service and treatment in some special manner.
Example: Peer-to-peer applications like email applications use best-effort network traffic.
Description: Voice traffic transmits packets containing audio data over a network, usually through ordinary telephony or VoIP phone services. With regard to QoS requirements, voice traffic demands relatively little bandwidth. However, its quality can still suffer if there’s significant delay or jitter.
For example, if the quality of service values degrade to the point where the jitter for voice traffic is below 30 milliseconds, the audio quality of calls will be affected in a noticeably negative way.
Main Purpose: Voice traffic facilitates the transmission of telephone calls and voice streams over a provider’s network.
Main Benefits: Voice traffic allows businesses to increase their productivity in a variety of ways, resulting in smoother collaboration among team members and quicker issue resolution. It also allows organizations to run highly attentive and successful call centers.
Additionally, if you leverage VoIP for your voice traffic, it’s possible to consolidate all of your communication technologies into a single, unified system.
Limitations/Problems: To function effectively, voice traffic requires high QoS priority compared to other types of traffic. At the end of the day, voice communication needs to be delivered in a continuous stream—because, unlike data, voice only makes sense in chronological order.
That said, voice traffic is generally more sensitive than data traffic and requires instantaneous delivery with low delay.
Example: Several types of telephony and voice carrier streams utilize voice network traffic, like VoIP.
Description: Video traffic is high-volume traffic that sends both sound and images simultaneously but doesn’t necessarily have to be delivered in real time. It represents one of the most commonly used forms of traffic in today’s society.
Video traffic has become ubiquitous on social media and entertainment platforms, with streaming sites such as YouTube and Netflix standing out.
In general, video traffic doesn’t require real-time use and it isn’t as sensitive as live voice data. As a result, it can tolerate some delays and packet loss. In other words, its high volume can compensate for simple traffic loss, making the video still appear clear and understandable.
Video conferencing—which is a prime example of interactive video traffic—shares many similar characteristics with voice traffic, with the only exception being that it demands plenty of bandwidth.
Keep in mind that the user datagram protocol (UDP) enhances the speedy communications required for video traffic. UDP uses connectionless communication that is loss-tolerating when transporting packets across networks. Moreover, speed and efficiency are UDP’s competitive advantages, making it an ideal video and real-time transmission protocol.
Main Purpose: Video traffic is used in a vast array of multi-faceted scenarios, achieving a central role in business and entertainment.
Business activities like advertising, videoconferencing, and online training all use video. In the entertainment industry, companies can broadcast, stream, and facilitate video traffic on demand.
Main Benefits: There are many benefits and advantages of video traffic, and it represents as much as 70% of global mobile traffic.
Organizations use video to attract organic traffic on social media and other websites. This can directly lead to increased sales and conversion rates. Additional benefits include providing more visibility, increasing awareness, and building larger audiences.
Limitations/Problems: While its high volume is an advantage, video consumes significant network resources and can tend to be bursty—which can be hard for some routers to handle. Consequently, video traffic requires plenty of network bandwidth resources and maintenance.
Therefore, network administrators have to make sure that their network’s video quality doesn’t degrade in terms of bandwidth and QoS standards. Otherwise, video streams can become unpredictable, blurry, jagged, and unwatchable.
Example: Whether categorized as interactive or streaming, examples of video traffic include video conferencing, unicast, and multicast streams.
Network Traffic Analysis and How to Do It (the Right Way)
To secure your organization and guarantee optimum network performance, you must prioritize network monitoring and analyze traffic patterns to spot performance bottlenecks and potential security threats.
Taking the following steps will allow you to monitor and analyze network traffic effectively:
- Gain deep knowledge of your network architecture: Different network traffic types have their own strengths and weaknesses that shape network traffic patterns and packet flows. Having this knowledge helps you map out your network topology and keep track of the data coming in and out of critical applications.
- Establish a baseline of performance: To get a better sense of your typical network patterns, you must identify your usual activity and the normal parameters of your network’s performance. This gives you a baseline of expected activity, which is super useful when your network traffic fluctuates.
- Establish increased visibility into network activity: Insight into network activity is a prerequisite for detecting abnormal and anomalous behavior. Network monitoring provides visibility so that unusual requests are detected early and the network is protected against developing threats.
- Prioritize network alerts: False positives are bound to occur in any monitoring system, so you must fine-tune the system to filter and prioritize minor and real threats. To accomplish this, your network monitoring system must provide the tools to define and configure alert notifications. Important factors include prioritizing alerts based on severity, host/device criticality, and pre-defined thresholds of allowable activity.
- Deploy machine learning: Signature-based solutions have proven inadequate to overcome zero-day and other nefarious network attacks. However, machine learning (ML) can detect and thwart zero-day malware after establishing a baseline of expected activity. Therefore, instead of relying on ineffective intrusion detection systems (IDS) for discerning threat signatures, the best choice is to use ML to first train itself on incoming HTTP/S requests so it can engage threats more forcefully in real time.
Keep in mind that the objective behind performing network analysis is not only for companies to gain technical prowess, but also to improve factors that allow them to monetize their products—like increasing website traffic and boosting core website statistics.
As such, network traffic analysis should be used in tandem with QoS tools to meet the different network traffic and application requirements of your IT infrastructure.
The existence of different network traffic types makes it evident that all networks aren’t created equal, so it’s important to know and use what’s in your QoS toolbox to optimize your network traffic.
Look out for tools that help you with the following:
- Queuing: This enables packet prioritization by routers and switches. It also ensures that network gatekeepers like your firewall. Congestion management—which applies queuing algorithms to resolve congested interfaces—is used alongside queuing.
- Congestion avoidance: This tool shuts down router traffic buildups before they get out of hand. It keeps your network traffic balanced by identifying devices and applications with the highest risk of consuming massive traffic bandwidth and then preempting the buildup.
- Classification and marking: This allows you to identify different traffic types, label them, and split them up into other classes according to behavior—which allows you to prioritize them better.
- Traffic shaping and policing: This combination of tools helps you rate-limit your network traffic and regulate traffic flow. For instance, traffic shaping retains excess packets in the queue and subsequently schedules them for transmission at a later time. Meanwhile, policing works to drop excess network traffic once the configured maximum is reached.