Splunk Lantern

Network router data


If switches are network intersections, then routers are the signal lights and traffic cops: the devices responsible for ensuring that traffic goes to the right network segment. Unlike switches, which operate at Layer 2 and forward on MAC addresses, routers work at Layer 3 and forward on the destination IP address; policy-based routing can additionally match on the Layer 4 protocol and port number. Routers are responsible for particular Layer 3 address spaces and manage traffic using information in routing tables and configured policies. Routers exchange reachability information with each other and update their forwarding tables using dynamic routing protocols such as OSPF and BGP.

Network router data refers to the information generated, processed, or transmitted by a network router. A router is a networking device that forwards data packets between different networks, making routing decisions based on destination IP addresses, routing tables, and network policies. Router data provides insights into the performance, configuration, traffic, and security of the network. This data is essential for network management, monitoring, and optimization, helping administrators troubleshoot issues, ensure efficient data flow, enforce security policies, and maintain compliance.

Common protocols for retrieving router data include SNMP, NETCONF, RESTCONF, and syslog; traffic flow records are usually exported separately with NetFlow, sFlow, or IPFIX. Router data can be accessed through CLI commands, REST APIs, SNMP, or network monitoring tools like SolarWinds, Cisco DNA Center, or Nagios. Router data is integrated into network monitoring systems, SD-WAN controllers, and software-defined networking (SDN) platforms for automation and optimization.

Network router data typically includes:

  • Routing table data: Information about the routes the router uses to forward packets
  • Traffic flow data: Data about the volume and type of traffic passing through the router
  • Interface statistics: Data related to the operational status of the router's network interfaces
  • IP address assignment data: Data about IP addresses managed by the router
  • Routing protocol data: Data generated by routing protocols used to exchange route information
  • Network events and logs: Logs generated by the router for monitoring and troubleshooting
  • Firewall and security data: Data related to security policies and firewall rules enforced by the router
  • Quality of service (QoS) data: Data about traffic prioritization and bandwidth allocation policies
  • CPU and memory usage data: Information about the resource utilization of the router
  • VPN data: Data about virtual private network (VPN) connections managed by the router
  • SNMP monitoring data: Data collected via simple network management protocol (SNMP) for monitoring
  • Firmware and configuration data: Data about the router's software and configuration
  • Network topology and neighbor data: Data about neighboring devices and network topology
  • Bandwidth utilization data: Data about how bandwidth is being consumed on the network

Sensitive router data (for example, routing tables, firewall rules, and running configurations) must be protected from unauthorized access: it maps the network for an attacker and, if modified, can redirect or black-hole traffic. Routers collect the same sort of traffic logs and statistics as switches, so their data is equally valuable to security teams for flagging advanced persistent threats, analyzing traffic flows for unusual activity, and identifying potential data exfiltration. Because router counters and flow records are taken from the forwarding path rather than from an endpoint, an intruder on a host cannot hide traffic from them by tampering with host logs, which makes them a critical source of security data. The transport is a different matter: syslog over UDP and SNMP v1/v2c carry no authentication and can be spoofed or altered in transit, so collect router data with SNMPv3 (authPriv) or syslog over TLS where the platform supports it, and treat a change to a router's logging destination as a security event in its own right. Router data can also be used to detect configuration changes and error or failure alerts that correlate with other security indicators.

Network engineers use router logs and statistics to monitor traffic flow and ensure that traffic is being correctly forwarded between network segments. Data from routing protocol updates (for example, BGP or OSPF neighbor state changes and route advertisements) can show whether your routers are correctly exchanging routes with other locations, that external traffic can reach you, and that internal traffic is correctly forwarded to external routers.
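The two preceding paragraphs describe using router syslog to catch configuration changes and failure alerts that line up with security indicators, and routing protocol updates to confirm that neighbors are exchanging routes. The following Python script is an added example, not code from Splunk Lantern or from any router vendor, that shows what that detection logic looks like over raw syslog. It assumes Cisco IOS-style message formatting (a `%FACILITY-SEVERITY-MNEMONIC:` marker after the syslog header); the sample lines are constructed for this example and are not captured from a real device, and the facility/mnemonic names used in the classifier are the IOS ones. In Splunk the same work would be done with field extractions and SPL; the script simply makes the parsing and correlation steps explicit.

```python
import re
from collections import defaultdict

# Constructed Cisco IOS-style syslog lines (RFC 3164 header, optional IOS
# sequence number and device timestamp, then %FACILITY-SEV-MNEMONIC: text).
# These are made up for this example, not captured from a real router.
# The final line is deliberately malformed to show how parse failures are handled.
SAMPLE_SYSLOG = """\
<189>Mar 10 14:02:11 edge-rtr1 1041: Mar 10 14:02:10.991 UTC: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (203.0.113.45)
<187>Mar 10 14:02:40 edge-rtr1 1042: Mar 10 14:02:39.812 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
<189>Mar 10 14:03:02 edge-rtr1 1043: Mar 10 14:03:01.503 UTC: %BGP-5-ADJCHANGE: neighbor 198.51.100.2 Down BGP Notification sent
<188>Mar 10 14:05:17 edge-rtr1 1044: Mar 10 14:05:16.220 UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 203.0.113.45] [localport: 22] [Reason: Login Authentication Failed] at 14:05:16 UTC Tue Mar 10 2026
<189>Mar 10 14:06:30 edge-rtr1 1045: Mar 10 14:06:29.004 UTC: %BGP-5-ADJCHANGE: neighbor 198.51.100.2 Up
<190>Mar 10 14:07:00 edge-rtr1 1046: Mar 10 14:06:59.777 UTC: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.0.0.5 port 514 started - CLI initiated
<13>Mar 10 14:08:00 edge-rtr1 1047: Mar 10 14:07:59.000 UTC: heartbeat line with no mnemonic
"""

# Syslog header: <PRI>, relay timestamp, originating hostname. PRI = facility*8 + severity.
HEADER_RE = re.compile(r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) ")
# IOS message marker; searched rather than matched so sequence numbers and
# device-local timestamps between the header and the marker are skipped.
MSG_RE = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)$")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse_line(line):
    """Return a dict of fields for an IOS-style syslog line, or None if unparseable."""
    h = HEADER_RE.match(line)
    m = MSG_RE.search(line)
    if not h or not m:
        return None
    pri_severity = int(h["pri"]) % 8
    return {
        "host": h["host"],
        "ts": h["ts"],
        "facility": m["facility"],
        "severity": int(m["sev"]),
        "mnemonic": m["mnemonic"],
        "text": m["text"],
        # A mismatch between PRI severity and the mnemonic's severity is worth a look:
        # it usually means a relay rewrote the message, or the line was not produced by IOS.
        "severity_mismatch": pri_severity != int(m["sev"]),
        "ips": IP_RE.findall(m["text"]),
    }


def classify(ev):
    """Map a parsed event to a security-relevant tag, or None if it is routine."""
    key = (ev["facility"], ev["mnemonic"])
    text = ev["text"]
    if key == ("SYS", "CONFIG_I"):
        return "config_change"
    if key == ("SEC_LOGIN", "LOGIN_FAILED"):
        return "auth_failure"
    if key == ("SYS", "LOGGINGHOST_STARTSTOP"):
        return "logging_destination_change"   # attacker tampering with where logs go
    if key == ("BGP", "ADJCHANGE") and " Down" in text:
        return "bgp_neighbor_down"            # route exchange with a peer has stopped
    if key == ("LINK", "UPDOWN") and text.endswith("to down"):
        return "interface_down"
    return None


def analyze(raw):
    """Parse, tag, and correlate. Returns (findings, suspicious_ips).

    A source IP is suspicious when it both failed authentication and
    produced a configuration change on the router.
    """
    events = [e for e in map(parse_line, raw.splitlines()) if e]
    findings = []
    for ev in events:
        tag = classify(ev)
        if tag:
            findings.append(dict(ev, tag=tag))
    tags_by_ip = defaultdict(set)
    for f in findings:
        for ip in f["ips"]:
            tags_by_ip[ip].add(f["tag"])
    suspicious = sorted(ip for ip, tags in tags_by_ip.items()
                        if {"auth_failure", "config_change"} <= tags)
    return findings, suspicious


if __name__ == "__main__":
    found, bad_ips = analyze(SAMPLE_SYSLOG)
    for f in found:
        print(f"{f['ts']} {f['host']} {f['tag']:28} sev={f['severity']} {f['text'][:60]}")
    print("sources with failed logins followed by a config change:", bad_ips)
```

The BGP `Up` line is intentionally left untagged: a neighbor recovering is the normal end of the exchange the text describes, and the `Down` line followed by `Up` is what an engineer would expect to see when route tables are being re-exchanged. What should stand out is the `LOGGINGHOST_STARTSTOP` event, since a change to where the router sends its logs is exactly how an intruder would blind the collector the rest of this page relies on.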

Before looking at documentation for specific data sources, review the Splunk Docs information on general data ingestion: