
Monthly Archives: October 2010

Slow Network, Slow Application or Slow Server?

One of the biggest gripes heard by company network administrators is that the network is slow. In February, we provided tips for determining whether the network or the application was to blame for latency. IT folks have engaged and continue to engage in the debate around what is to blame for slow performance – the application, the server, or the network? This “blame game” has gone so far as to create real animosity in some organizations among developers, sys admins, network administrators, and end users. True story – the WildPackets professional services team occasionally is summoned by customers to do nothing more than settle these arguments.

While the answer to the question “What is to blame for slow network performance?” obviously varies from case to case, we can name with certainty four reasons for a slow network:

1. Overall network utilization

Network utilization is the ratio of current network traffic to the maximum traffic that the port can handle. When network utilization exceeds the ceiling set for normal conditions, the result will be low transmission speeds, intermittent connectivity, and request delays — in other words, a slow network. High network utilization can stem from a number of sources, but some obvious culprits caused by end users include music and video downloads and video streaming.

2. Devices on the network consuming a considerable amount of bandwidth

Almost every network has unnecessary traffic. Some devices (especially printers) support stacks and protocols that aren’t in use in the environment. Often, WLAN traffic has not been pruned. Sometimes, protocols that help manage the network, like routing protocols, SNMP, etc., can be found on those WLANs without any purpose, eating up available bandwidth, again, with no benefit.

3. Overall health of the network (in terms of broadcast storms)

Since the network is dynamic, it is critical that organizations consistently review network activity. Businesses should verify that the processes and/or devices architected are accomplishing what they need to and that the overall network profile has not changed. It is very important to see new trends approaching and make changes to the network to account for behavioral changes in an organization’s user communities. If not, organizations could unknowingly become victims of broadcast storms where the network is overwhelmed with constant broadcast or multicast traffic that can lead to a complete loss of network connectivity as the packets proliferate.

4. Particular ports or new applications that have been introduced to the network

Every organization will have different priorities. In fact, each network segment may have different protocol priorities because of the specific applications that traverse those segments. Certainly, the top application (based on business importance) on the sales segment will be different from the top application on the marketing segment. Those application protocols need to be handled in terms of importance on each segment. But, when those protocols get to the same wire at the core or elsewhere, it is important that they still respect other segments’ needs. After all, applications are the primary reason organizations invest in networks.
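The utilization ratio from reason 1 and the broadcast storm condition from reason 3 can both be read off periodic interface counter samples. The sketch below is an added example, not WildPackets code; the counter layout, the 80% and 50% ceilings, the three-interval rule and the sample values are all assumptions made for illustration.

```python
from dataclasses import dataclass

COUNTER_MAX = 2**32  # assumption: 32-bit cumulative counters that wrap

@dataclass
class Sample:
    t: float         # capture time in seconds
    octets: int      # cumulative octets seen on the port
    pkts: int        # cumulative packets of every type
    bcast_pkts: int  # cumulative broadcast + multicast packets

def delta(new, old):
    """Counter difference that stays correct across one wrap."""
    return (new - old) % COUNTER_MAX

def analyze(samples, link_bps, util_ceiling=0.8, bcast_ceiling=0.5, sustain=3):
    """Per-interval (utilization, broadcast share) plus the alerts raised.

    The ceilings and the `sustain` count are illustrative assumptions.
    """
    rows, alerts, run = [], set(), 0
    for prev, cur in zip(samples, samples[1:]):
        secs = cur.t - prev.t
        util = delta(cur.octets, prev.octets) * 8 / (secs * link_bps)
        pkts = delta(cur.pkts, prev.pkts)
        share = delta(cur.bcast_pkts, prev.bcast_pkts) / pkts if pkts else 0.0
        rows.append((round(util, 3), round(share, 3)))
        if util > util_ceiling:
            alerts.add("high-utilization")
        # A storm is a sustained condition, so require consecutive intervals.
        run = run + 1 if share > bcast_ceiling else 0
        if run >= sustain:
            alerts.add("broadcast-storm")
    return rows, alerts

# Constructed samples: 100 Mbit/s port polled every 10 s; the octet
# counter wraps between the second and third sample.
SAMPLES = [
    Sample(0, 4_200_000_000, 1_000_000, 10_000),
    Sample(10, 4_250_000_000, 1_050_000, 11_000),
    Sample(20, 65_032_704, 1_950_000, 711_000),
    Sample(30, 180_032_704, 2_950_000, 1_611_000),
    Sample(40, 300_032_704, 3_950_000, 2_561_000),
]

if __name__ == "__main__":
    rows, alerts = analyze(SAMPLES, link_bps=100_000_000)
    for util, share in rows:
        print(f"utilization={util:.1%} broadcast_share={share:.1%}")
    print(sorted(alerts))
```

Without the wrap-aware difference, the third sample would produce a negative octet count and a meaningless utilization figure.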

Network Analysis in the Cloud

In an earlier post, we discussed whether cloud computing will lead to the demise of network analysis. That is, since applications are being run on third-party infrastructure, monitoring one’s own network to maintain a functional system within the enterprise seems somehow less pertinent. We maintain that while moving to the cloud will alter current network analysis processes and priorities, a solid network is still essential for handling communication between users and applications. In essence, only the focus of network management and analysis changes, not the need. Instead of managing infrastructure, organizations manage service availability and performance.

So, how must an organization approach “analyzing” its network within the context of a cloud environment? Before moving to any new environment, cloud or otherwise, consider baselining and security issues.

Baselining - It is essential to establish clear, long-term baselines before transitioning an application or applications to the cloud. Baselining involves recording network traffic and performance, saving it for future reference and/or reviewing it to see traffic patterns. Once baselines are saved, they can be used as a benchmark with which to compare other traffic patterns. By identifying baselines, organizations can then verify the performance of transactions that cross multiple applications, which is key in a new cloud environment. Additionally, once organizations are aware of their own network performance baselines, they can better test and validate cloud vendors’ claims and SLAs.
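As an added illustration of that benchmark comparison (not part of the original post), the sketch below summarizes recorded response times per transaction into a baseline and then checks a later run against it. The transaction names, the millisecond samples and the 25% tolerance are constructed assumptions.

```python
from statistics import median

def p95(samples):
    """95th percentile by the nearest-rank method."""
    ordered = sorted(samples)
    rank = -(-95 * len(ordered) // 100)  # ceil(0.95 * n) in integer math
    return ordered[rank - 1]

def build_baseline(recorded):
    """Reduce raw recordings to the figures kept for future reference."""
    return {name: {"median": median(v), "p95": p95(v)}
            for name, v in recorded.items()}

def compare(baseline, current, tolerance=1.25):
    """Flag transactions whose p95 exceeds baseline p95 * tolerance."""
    findings = []
    for name, samples in current.items():
        if name not in baseline:
            # New traffic has no benchmark yet, so report it separately.
            findings.append((name, "no-baseline"))
        elif p95(samples) > baseline[name]["p95"] * tolerance:
            findings.append((name, "regressed"))
    return findings

# Constructed response times in milliseconds, recorded before the move.
ON_PREM = {
    "login": [40, 42, 41, 45, 43, 44, 39, 47, 60, 42,
              41, 43, 44, 46, 40, 42, 45, 43, 41, 95],
    "report": [200, 210, 205, 220, 215, 208, 212, 230, 225, 218,
               204, 209, 214, 221, 216, 207, 211, 229, 224, 400],
}
# Constructed response times for the same transactions after the move.
CLOUD = {
    "login": [70, 72, 71, 75, 73, 74, 69, 77, 90, 72,
              71, 73, 74, 76, 70, 72, 75, 73, 71, 130],
    "report": [205, 212, 208, 224, 219, 210, 215, 236, 228, 220,
               206, 211, 217, 223, 218, 209, 214, 233, 226, 380],
    "export": [500, 520, 510],
}

if __name__ == "__main__":
    baseline = build_baseline(ON_PREM)
    print(baseline)
    print(compare(baseline, CLOUD))
```

Using the 95th percentile rather than the maximum keeps a single outlier in either run from deciding the result.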

Security – Organizations need to closely monitor the third-party cloud providers to whom they have entrusted the storage and processing of highly sensitive data and applications. The cloud vendor’s security policies and procedures should be understood and the appropriate test processes should be implemented within the organization to ensure these policies are not violated.

The changes in network analysis in a cloud environment are like rearranging furniture. You still have the plumbing and the pipes, so whether the server is located in someone’s office or around the world, the network still needs to be monitored and analyzed. Transitioning to the cloud for any business is evolutionary, but sufficient network analysis will further support any company’s success in implementing this technology.

For a more in-depth discussion of how cloud computing impacts network analysis, check out WildPackets’ free one-hour on-demand webcast titled “Cloud Computing - the Demise of Network Analysis?”

Network Security: 5 Key Questions a True Solution Should Address


Over half of the industries linked to national security have suffered cyber attacks on their networks, according to a new Symantec study. Yet only one-third of critical industries “feel extremely prepared” for cyber-related attacks. 71 percent of network security operations managers said that their companies have inadequate cyber security protection, according to another recent report.

Why is this? The truth is IDS/IPS systems and other security solutions fail to provide network engineers with the details they need to locate and correct the source of an attack. Without detailed network analysis, security solutions are incomplete. A network recorder is one of the most common tools used today to record all the data throughout a cyber attack. With this approach, post-event analysis exposes the attacker, method, and damage.

Firewalls and other perimeter defenses do not provide enterprise networks with the protection they need from viruses, DoS attacks, and other forms of malware. Especially in the age of mobile users, laptops, and wireless networking, the danger facing networks often comes from the inside.

The recent Stuxnet worm showed it is possible for attackers to carry out a “first strike” through a cyber attack. With the entire attack recorded, organizations are more likely to prevent similar attacks from happening in the future.

Here are five key questions a true cyber security solution should address:

1. Who was the intruder?

2. How did the intruder penetrate security?

3. What damage has been done?

4. Did anything get left behind?

5. Did you capture sufficient information to effectively analyze and reproduce the attack?

While data recorders will not prevent a zero-day cyber-attack, the information they provide can lead to an informed and efficient security posture within an organization. It is more important than ever that organizations arm themselves with knowledge about cyber security and specific solutions before they become the next victim of a malicious attack.