Six Tips for Analyzing 10G Ethernet Traffic

Enterprises and data centers can now easily and cost-effectively upgrade their network infrastructure to 10GigE. If you have plans to make the switch, or perhaps you have already done so, below are six tips for successful 10G network analysis.

1. Match network analysis requirements with the appropriate network
analysis techniques

Before commencing any network analysis task, it is important to understand what you hope to accomplish. This is a great time for making and archiving some baseline measurements, whether on specific network traffic like HTTP or key business applications, or the network as a whole. Filtering and periodic statistics recording are the best techniques for isolating data for
baselines. Is the network slow? Are you receiving alerts? This is the time to start troubleshooting. Running multiple captures with different focuses and turning on key Expert analysis modules (if you didn’t already have them enabled) are excellent techniques to use in troubleshooting.

2. Ensure you’re collecting and analyzing the data you expect

Networks are busy places, and the higher up the stack you analyze the more data you need to sift through. Before diving into detailed analysis, step back and make sure you’re collecting the data you need. Start with high-level views, like node, protocol and statistics summaries. Compare these to established baseline data to make sure nothing has changed, either in your environment or with your data collection settings. Only after convincing yourself that the basic data is in place and being collected and analyzed should you embark on detailed analysis and drill-down of the data.

3. Learn to work within the hardware limitations of network analysis

Networks are getting faster. 10 Gigabit deployments are becoming more and more common, and this will put a strain on any network analysis software or network appliance. The key here is the analysis. The packets can obviously be moved and possibly even stored at line rate, but to analyze means to interrogate every packet as well, creating competition for precious processor and memory-buffering resources. If you need to analyze in real-time, embrace the fact the in-depth, real-time analysis at 10Gbps is just not feasible with current hardware solutions. Take advantage of solutions on the market today that receive 10Gbps line-rate traffic and separate the data into more manageable streams for analysis, typically 1Gbps data streams. Then you can comfortably and confidently accomplish the real-time analysis you require.

4. Optimize data collection settings to meet the demands of your
network and your analysis solution

Network analysis, is a compromise. In most cases, your most significant compromise in network analysis is depth of analysis versus the throughput of data you hope to analyze. The greater the analysis load, the lower the throughput that can be analyzed without dropping packets. Fortunately you are not typically analyzing everything simultaneously. For example, if you’re monitoring a heavily used gig interface, you don’t need any wireless analysis, so why not turn the wireless analysis module off and benefit from the increased performance? Not running VoIP or video on that interface, or there’s no problem with VoIP or video right now? Turn off VoIP and video analysis modules, again improving the performance of what you do wish to analyze that much more. Only interested in post-capture analysis? Then turn off all analysis modules. You can always turn them back on when you go back to analyze the data. That’s why there’s the option to enable and disable the functions.

5.Use advanced settings like hardware filtering and time stamping to your advantage

Certain functions that are critical in performing network analysis, like establishing the time each packet is captured from the network or filtering certain categories of network traffic, can be accomplished within some network interface cards themselves. This means the functions are performed in hardware, making them much faster, and relieving the network analysis  software of some of the processing burden. Taking advantage of advanced features available in hardware should always be seriously considered when purchasing network interface cards for use in network analysis.

6. Determine the proper placement of network analysis probes to
ensure network management and troubleshooting success

Collecting network data for analysis at multiple locations is always best. You’ll get the most accurate results, and more collection points implies greater granularity in analyzing conditions like network response time. The same holds true for VoIP analysis. Collecting data at both ends of the call, at least for your internal phone traffic, can help you identify the  source of VoIP deficiencies much more quickly. But increased collection means more appliances and more cost. Each network is different, and your analysis needs undoubtedly have unique elements. Only you can make the trade-off between collection points and cost. At a minimum, capturing data for analysis at core routers and WAN connections is essential. From there, it becomes a cost-benefit analysis to determine how deep and how wide into the network you go.

WildPackets is in the business of providing network analysis software, so if you have any questions about 10G, wireless, 1G, etc – get in touch, we’d love to help out.

Leave a Reply