When you have only one monitoring point that needs to perform both delivery and usage monitoring adequately, we recommend connecting your monitoring point at the distribution layer. This is typically an L2/L3 switch in a rack or server room.
For delivery monitoring, it’s actually the access layer that is ideal because it enables you to monitor the complete end-to-end application path. But, complete coverage of your network could become expensive if you need to monitor multiple subnets, since you’d need multiple appliances. In addition, position typically complicates the setup for usage monitoring. Usage monitoring requires mirroring aggregated traffic to the monitoring point, or allowing that traffic to pass through it. If that aggregation point is on a different floor, you’ll probably need to cable up to a patch panel.
A central deployment, on the other hand, places the monitoring point physically closer to the aggregation point. Your network setup will end up making more sense, and cabling for usage monitoring will be easier.
The trade-off with a central deployment, however, is that you’ll have cut delivery monitoring short, but there’s an easy workaround for this: set up two paths. Let one path target a device across your WAN link, and a let a second one a workstation on the LAN segment you’re missing.
Choosing an aggregation point: A VLAN trunk port or a router gateway are good choices. Make sure that the aggregation point you choose is before any address translation so that private IPs are viewable.
Deploying in the core: Consider the horsepower of your monitoring point before deploying at the core. An r40 and r400 has enough performance to keep up at a this layer, but other monitoring points don’t because they’re intended for branch office deployment where the traffic and flow rates are lower.
Positioning a software sequencer
Software sequencers don’t do usage monitoring, but we still recommend deploying centrally. This limits the number of sequencers you need on order to get complete coverage of your network. Rather than using multiple sequencers and monitoring end-to-end, you can deploy one centrally. Set up one path to monitor your WAN link, and then set up a few more to monitor back towards the end-stations on your LAN.