Typically, network traffic represents the data or packets of data that travel through one or more computer networks at a given time. However, there are many other ways of looking at network traffic, primarily driven by their use cases and applications.
For instance, some network traffic types are categorized based on whether or not they are suitable for real-time applications — and you’ll recognize that most common web applications fall under this umbrella. Real-time network traffic enables live streaming, online gaming, web hosting, and more.
Alternatively, people primarily use non-real-time traffic for things like file downloads from browsers (HTTP downloads), torrents (BitTorrent), and NNTP news servers.
How network traffic flows
A computer network consists of a collection of machines and devices called nodes (which are computing devices like IoT devices, servers, modems, and printers), along with the paths that link those nodes together. The benefit of a network is to allow many computers to communicate with each other seamlessly.
Network traffic is essentially the data being sent from one location to another between source and destination devices. However, this data isn’t sent all at once. Instead, the network breaks it up into smaller batches known as data packets. This step makes the transmission process more efficient and reliable, especially when large files are involved.
Data packets represent units of data that constitute the network’s workload. Each packet comes with a header and a payload that contains the data meant for transfer. These packet headers act as metadata (including host and destination address information) that’s necessary to process the content.
A classic example of a network is the internet — a dispersed network of public and private IT infrastructure, linked computers, and devices that facilitate global communications.
Routing and path selection
Efficient routing ensures data packets take the best paths through a network, balancing traffic and maintaining smooth communication. Routers rely on predefined rules and network metrics like speed, capacity, and delay to select the most effective routes. They guide data packets using their headers to determine destinations, forwarding packets through multiple devices until the receiving device reassembles them.
Poor routing can increase network congestion, reduce reliability, increase latency, cause packet loss, and cause communication failures. Following best practices and computer networking fundamentals ensures that all of these bad outcomes are limited as much as possible.
Beyond path selection, routers also handle data forwarding and load balancing. Data forwarding moves packets to the next device along the chosen path, while load balancing prevents network congestion by distributing traffic across multiple routes, sometimes using redundancy to send copies of packets along alternate paths.
Quality of Service (QoS)
QoS is a pivotal mechanism for managing and administering network quality. It helps reduce packet loss, jitter, and latency, and it determines traffic transmission priority. QoS is also instrumental in prioritizing and allocating sufficient bandwidth to critical network traffic.
For example, admins can use QoS to prioritize VoIP traffic on the network, ensuring that real-time communications like voice and video get the bandwidth they require. Without QoS, phone calls would compete with resource hogs like CRM software and large file downloads, leading to choppy audio and dropped calls.
Five types of network traffic
Network traffic types are broadly classified based on various factors, such as the direction in which their data packets flow or the kind of traffic that passes through the network.
North-south traffic
Description: In practical terms, the traffic that flows between a client and a server is externally oriented, meaning it moves from an internal data center to an external client (and the rest of the network outside the data center’s perimeter).
As a result, north-south refers to traffic that enters and exits a network. It points to a vertical direction flow, typically coming from an organization’s IT infrastructure to a system — or to an endpoint that physically resides outside the network.
Traditionally, southbound traffic is data entering an organization’s data center, typically through a firewall or router acting as a network perimeter device. Likewise, data leaving the data center is called northbound traffic.
Main purpose: North-south traffic facilitates external client-server communications that drive the core of modern digital infrastructure and communications like the internet and cloud-based applications.
Main benefits: North-south traffic has grown astronomically with the advent of cloud computing systems and applications. As a result, the focus on north-south traffic has made organizations more vigilant at the ingress/egress point of data centers. This means there’s an increased urgency for validating external client requests, improving data security compliance, and protecting intellectual property.
Limitations/Problems: While this network traffic is effective for data transfer, its access to data from the outside world makes it more susceptible to security threats. Therefore, north-south network traffic is inherently more risky because it flows from outside of the corporate perimeter.
As a result, a network configuration like this requires close monitoring of incoming and outgoing traffic. It calls for investment in firewalls, virtual private networks (VPNs), and intrusion detection systems to mitigate malware, ransomware, and privacy issues.
Example: Any executive at a corporate office or engineer at a data center is likely to need access to relevant documents from their organization’s cloud account to do their jobs. To accomplish this, they can use secure remote access software, which creates an external client-server connection.
East-west traffic
Description: While north-south traffic is external in nature, east-west traffic is internal. The name was inspired by its horizontal or lateral nature, which you’ll often observe in traditional diagrams of local area network (LAN) traffic.
East-west traffic data packets originate, move, and terminate within the closed-loop servers of a data center. The most straightforward configuration for this consists of two hosts in the same subnet communicating with each other. However, another example of east-west traffic is when multiple routers on the same corporate network exchange table translation information to facilitate the seamless movement of data packets within the system.
Main purpose: The majority of traffic that traverses a data center is east-west. Since this traffic occurs within network segments between connected devices, it has been a big driver of cloud computing-related technologies such as virtualization and the Internet of Things (IoT).
Additionally, since east-west involves a business’s internal traffic, it also provides insight into how to connect to internal applications.
Main benefits: East-west traffic mainly constitutes internal data that flows within a network, so it is ideal for cloud computing environments.
It provides network administrators with advanced network visibility down to a granular workload to block the lateral movement of malicious actors, and it helps contain data breaches within a network.
With east-west traffic, you can use microsegmentation to reduce the attack surface of your applications and protect high-value targets. Since you are more in control of the east-west traffic within your data centers, this network segmentation allows you to isolate them into logical units and contain potential outbreaks. Subsequently, you can tailor individual security policies for these segments.
Limitations/Problems: Thanks to organizational preferences for private cloud and increased usage of virtual machines, the east-west type of network traffic is now the largest one. However, it can’t always be trusted by default simply because it occurs inside the network perimeter.
Moreover, internal systems and devices that carry vast volumes of data across many potential paths make security challenging. This requires organizations to implement zero-trust security.
Example: The most typical example of east-west traffic is when a client machine communicates with a server on the same LAN system in the data center. A server connected to other servers on the same site that’s used for backup and redundancy purposes also constitutes east-west traffic.
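The sketch below is an added example, not code from the article: it labels flow records as north-south or east-west using the definitions above and checks east-west flows against a default-deny microsegmentation allow-list. The address plan, segment names, ports, and flow records are constructed assumptions.

```python
import ipaddress

# Constructed address plan and policy (assumptions, not from the article).
SEGMENTS = {
    "web": ipaddress.ip_network("10.0.1.0/24"),
    "app": ipaddress.ip_network("10.0.2.0/24"),
    "db": ipaddress.ip_network("10.0.3.0/24"),
}
# Microsegmentation allow-list: (source segment, destination segment, port).
# Anything east-west that is not listed is denied, even inside the perimeter.
ALLOWED = {("web", "app", 8443), ("app", "db", 5432)}


def segment_of(addr):
    """Return the internal segment containing addr, or None if it is external."""
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return None


def classify(src, dst, dport):
    """Return (traffic type, verdict) for one flow record."""
    s, d = segment_of(src), segment_of(dst)
    if s is None and d is None:
        return ("external", "ignore")
    if s is None:
        # Entering the data center: southbound in the article's terms.
        return ("north-south (southbound)", "perimeter-inspect")
    if d is None:
        return ("north-south (northbound)", "perimeter-inspect")
    verdict = "allow" if (s, d, dport) in ALLOWED else "deny"
    return (f"east-west ({s}->{d})", verdict)


# Constructed flow records: (source IP, destination IP, destination port).
FLOWS = [
    ("203.0.113.10", "10.0.1.5", 443),   # internet client to web tier
    ("10.0.1.5", "10.0.2.8", 8443),      # web to app, permitted
    ("10.0.2.8", "10.0.3.4", 5432),      # app to db, permitted
    ("10.0.1.5", "10.0.3.4", 5432),      # web straight to db: lateral path
    ("10.0.3.4", "198.51.100.7", 443),   # db host talking outbound
]


def denied_lateral(flows):
    """Flows that stay inside the network but violate segment policy."""
    return [f for f in flows if classify(*f)[1] == "deny"]


if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, classify(*flow))
```

Because the allow-list is default-deny, the web-to-database flow is rejected even though both hosts sit inside the perimeter.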
Best-effort traffic
Description: This kind of network tries to deliver packets quickly and fairly with an impartial approach. Therefore, best-effort traffic does not necessarily reflect the highest or top network quality — it simply does its best to deliver traffic in the most effective way possible.
Best-effort traffic provides the same network priority level, with all packets receiving the same status — albeit without guaranteed delivery.
In other words, the traffic isn’t deemed or considered by internet service providers to be sensitive or prioritized in QoS settings. Best-effort traffic bases its service on available network conditions. It doesn’t assume anything about the state of the network, so data packets are simply forwarded in the order they arrive at the router.
Best-effort traffic rules get applied when the network administrator hasn’t made any explicit QoS configuration or policies. Networks also end up using best-effort traffic when the underlying network infrastructure doesn’t support QoS.
Main purpose: Networks use best-effort traffic to treat packets as fairly as possible, ultimately trying to deliver traffic as quickly as possible without giving preferential treatment to any class of packets.
Accordingly, best-effort traffic is the default model on the internet. It is also the most common traffic type applied to most network applications.
Main benefits: Best-effort’s non-preferential treatment of packets provides predictability and a degree of guaranteed service. It aims to maximize the potential of available network resources according to the network capacities. Best-effort traffic operates with maximum efficiency and is highly scalable because the network isn’t burdened with recovering lost or corrupted packets.
Furthermore, in addition to being efficient, it is also cost-effective, providing reliable service while guaranteeing constant bandwidth — meaning no service will be interrupted because the network is overloaded.
Limitations/Problems: For some applications, best-effort traffic isn’t good enough. This is because a particular class of applications requires superior service and treatment in some special manner.
Example: Peer-to-peer applications like email applications use best-effort network traffic.
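To make the contrast between best-effort forwarding (packets served in arrival order) and the QoS section's VoIP prioritization concrete, here is an added simulation that is not part of the original article. It models one non-preemptive 1 Mbit/s link; the link rate, packet sizes, and arrival times are constructed assumptions.

```python
import heapq

US_PER_BYTE = 8  # serialization time on a 1 Mbit/s link (constructed value)


def simulate(packets, prioritize_voice):
    """Serve packets on one link; return {packet index: queueing delay}.

    Delays are in microseconds. packets is a list of
    (arrival_ms, size_bytes, traffic_class). With prioritize_voice=False
    every packet has the same rank, so the heap degenerates to arrival
    order, which is best-effort forwarding.
    """
    pending = sorted(enumerate(packets), key=lambda p: p[1][0])
    queue, delays, now, i = [], {}, 0, 0
    while i < len(pending) or queue:
        if not queue and pending[i][1][0] * 1000 > now:
            now = pending[i][1][0] * 1000      # link idles until next arrival
        while i < len(pending) and pending[i][1][0] * 1000 <= now:
            pid, (arrival_ms, size, cls) = pending[i]
            rank = 0 if prioritize_voice and cls == "voice" else 1
            heapq.heappush(queue, (rank, arrival_ms * 1000, pid, size))
            i += 1
        rank, arrival_us, pid, size = heapq.heappop(queue)
        delays[pid] = now - arrival_us          # time spent waiting in queue
        now += size * US_PER_BYTE               # non-preemptive transmission
    return delays


def worst_delay_us(packets, traffic_class, prioritize_voice):
    """Largest queueing delay seen by any packet of the given class."""
    delays = simulate(packets, prioritize_voice)
    return max(d for pid, d in delays.items() if packets[pid][2] == traffic_class)


# Constructed workload: a 200-byte voice packet every 20 ms, plus a burst of
# ten 1500-byte bulk-download packets arriving at t = 1 ms.
TRAFFIC = [(t, 200, "voice") for t in range(0, 100, 20)] + [(1, 1500, "bulk")] * 10

if __name__ == "__main__":
    for label, qos in (("best-effort", False), ("voice priority", True)):
        print(label, worst_delay_us(TRAFFIC, "voice", qos) / 1000, "ms")
```

With voice priority, the worst voice delay is bounded by the time to finish one bulk packet already on the wire, while the bulk burst only finishes slightly later.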
Voice traffic
Description: Voice traffic transmits packets containing audio data over a network, usually through legacy telephony or VoIP (Voice Over Internet Protocol) phone services. Whenever you are making a phone call over the internet instead of a landline, you rely on digital VoIP traffic to carry your call.
VoIP traffic demands relatively little bandwidth, but it needs a stable network connection — even small interruptions can be distracting during a real-time phone call.
For example, if the quality of service values degrade to the point where the jitter for voice traffic is below 30 milliseconds, the audio quality of calls will be affected in a noticeably negative way.
Main purpose: Voice traffic facilitates the transmission of telephone calls and voice streams over a provider’s network.
Main benefits: Voice traffic allows businesses to increase their productivity in a variety of ways, resulting in smoother collaboration among team members and quicker issue resolution. It also allows organizations to run highly attentive and successful call centers.
Limitations/Problems: Voice traffic is more sensitive to network jitter and other common issues than data traffic. To function effectively, voice traffic requires high QoS priority compared to other types of traffic. At the end of the day, voice communication needs to be delivered in a continuous stream — because, unlike data, voice only makes sense in chronological order. Using a router designed for VoIP will help ensure you have the tools you need to accommodate voice traffic.
Example: Calls made over a modern business phone service that uses the internet, or over a legacy system using a SIP trunking provider.
Video traffic
Description: Video traffic is high-volume traffic that sends both sound and images simultaneously but doesn’t necessarily have to be delivered in real time. It represents one of the most commonly used forms of traffic in today’s society.
Video traffic has become ubiquitous on social media and entertainment platforms, with streaming sites such as YouTube and Netflix standing out.
In general, video traffic doesn’t require real-time use and it isn’t as sensitive as live voice data. As a result, it can tolerate some delays and packet loss. In other words, its high volume can compensate for simple traffic loss, making the video still appear clear and understandable.
Video conferencing — which is a prime example of interactive video traffic — shares many similar characteristics with voice traffic, with the only exception being that it demands plenty of bandwidth.
Keep in mind that the User Datagram Protocol (UDP) enhances the speedy communications required for video traffic. UDP uses connectionless communication that is loss-tolerant when transporting packets across networks. Moreover, speed and efficiency are UDP’s competitive advantages, making it an ideal video and real-time transmission protocol.
Main purpose: Video traffic plays a central role in business and entertainment. Business activities like advertising, videoconferencing, and online training all use video. In the entertainment industry, companies can broadcast, stream, and facilitate video traffic on demand.
Main benefits: There are many benefits and advantages of video traffic. Organizations use video to attract organic traffic on social media and other websites. This can directly lead to increased sales and conversion rates. Additional benefits include providing more visibility, increasing awareness, and building larger audiences.
Limitations/Problems: While its high volume is an advantage, video consumes significant network resources — which can be hard for some routers to handle. Consequently, video traffic requires plenty of network bandwidth resources and maintenance.
Network administrators have to make sure that their network’s video quality doesn’t degrade in terms of bandwidth and QoS standards. Otherwise, video streams can become unpredictable, blurry, jagged, and unwatchable.
Example: Whether categorized as interactive or streaming, examples of video traffic include video conferencing, unicast, and multicast streams.
Getting started with network traffic analysis
To secure your organization and guarantee optimum network performance, you must prioritize network monitoring and analyze traffic patterns to spot performance bottlenecks and potential security threats. Start off by investigating the best network monitoring software on the market to make sure you are making decisions with the best data possible.
Taking the following steps will allow you to monitor and analyze network traffic effectively:
- Gain deep knowledge of your network architecture: Different network traffic types have their own strengths and weaknesses that shape network traffic patterns and packet flows. Having this knowledge helps you map out your network topology and keep track of the data coming in and out of critical applications.
- Establish a baseline of performance: To get a better sense of your typical network patterns, you must identify your usual activity and the normal parameters of your network’s performance. This gives you a baseline of expected activity, which is super useful when your network traffic fluctuates.
- Establish increased visibility into network activity: Insight into network activity is a prerequisite for detecting abnormal and anomalous behavior. Network monitoring provides visibility so that unusual requests are detected early and the network is protected against developing threats.
- Prioritize network alerts: False positives are bound to occur in any monitoring system, so you must fine-tune the system to separate minor events from real threats and prioritize them accordingly. To accomplish this, your network monitoring system must provide the tools to define and configure alert notifications. Important factors include prioritizing alerts based on severity, host/device criticality, and pre-defined thresholds of allowable activity.
- Deploy machine learning: Signature-based solutions have proven inadequate to overcome zero-day and other nefarious network attacks. However, machine learning (ML) can detect and thwart zero-day malware after establishing a baseline of expected activity. Therefore, instead of relying on ineffective intrusion detection systems (IDS) to match threat signatures, the best choice is to first train an ML model on incoming HTTP/S requests so it can engage threats more forcefully in real time.
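The baseline and alert-prioritization steps above can be sketched as follows. This is an added example, not the article's code, and it uses a simple z-score baseline rather than a trained ML model; host names, byte counts, thresholds, and the criticality scale are constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed history: bytes sent per 5-minute window for each host.
HISTORY = {
    "db01": [4_000_000, 4_200_000, 3_900_000, 4_100_000, 4_050_000],
    "ws17": [200_000, 900_000, 150_000, 1_200_000, 400_000],
    "app02": [800_000, 820_000, 790_000, 810_000, 805_000],
}
CRITICALITY = {"db01": 3, "ws17": 1, "app02": 2}  # hypothetical 1-3 scale
Z_ALERT = 3.0   # pre-defined threshold of allowable deviation
Z_HIGH = 6.0    # deviations this large are rated high severity


def build_baseline(history):
    """Per-host (mean, standard deviation) of normal activity."""
    return {host: (mean(v), pstdev(v)) for host, v in history.items()}


def z_score(observed, mu, sigma):
    """Deviation from the baseline in standard deviations."""
    if sigma == 0:
        return 0.0 if observed == mu else float("inf")
    return (observed - mu) / sigma


def triage(observations, baseline, criticality):
    """Return alerts sorted so the most urgent comes first."""
    alerts = []
    for host, observed in observations.items():
        if host not in baseline:
            # No baseline means no notion of normal: surface it, do not drop it.
            alerts.append({"host": host, "severity": "unknown", "priority": 2})
            continue
        z = z_score(observed, *baseline[host])
        if abs(z) < Z_ALERT:
            continue                     # within expected fluctuation
        severity = "high" if abs(z) >= Z_HIGH else "medium"
        weight = 2 if severity == "high" else 1
        alerts.append({"host": host, "severity": severity, "z": round(z, 2),
                       "priority": weight * criticality.get(host, 1)})
    return sorted(alerts, key=lambda a: a["priority"], reverse=True)


# Constructed current window.
OBSERVED = {"db01": 4_900_000, "ws17": 2_500_000, "app02": 815_000,
            "printer9": 50_000}

if __name__ == "__main__":
    for alert in triage(OBSERVED, build_baseline(HISTORY), CRITICALITY):
        print(alert)
```

The noisy workstation needs a much larger absolute jump than the steady database server before it alerts, which is how a per-host baseline cuts false positives.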
Keep in mind that the objective behind performing network analysis is not only for companies to gain technical prowess, but also to improve factors that allow them to monetize their products — like increasing website traffic and boosting core website statistics.
As such, network traffic analysis should be used in tandem with QoS tools to meet the different network traffic and application requirements of your IT infrastructure.