Today’s networks are actually faster than most of the network analysis and troubleshooting solutions available. The result? Greatly diminished network visibility. This becomes a significant impediment if you’re deploying 10G, which can be difficult to troubleshoot in the first place. But don’t despair! It is possible in 10G environments to achieve both real-time visibility AND historical network traffic storage for post-incident analysis. You can add clarity to your analysis by being specific and selective.
These three tips will have you seeing clearly:
1. Understand the network and the data you need to collect.
Do not blindly move forward and perform analysis without knowing what data matters most to your organization. It’s important to know exactly what you want to capture and what information is going to be beneficial for your analysis. Your requirements will likely vary between each network segment and you are probably going to have to capture data at several locations. The key is to use post-capture analysis and just save the data to a disk in real-time. Trying to capture and analyze simultaneously, in real-time, on highly utilized network segments can put too much strain on the system.
2. Capture only what you need.
There is a great temptation to try to capture and analyze everything because enterprises fear that the source of the problem is not immediately known. When it comes to 10G Ethernet traffic, analyzing every bit of data is nearly impossible due to the volume of data. However, if you know your network well enough, certain conditions can be immediately ruled out. By using these clues to limit the collection and analysis to only what is necessary, you can dramatically improve network analysis performance.
3. Revisit your limits.
Even after analysis has been streamlined to only essential areas of the network, data capture for network analysis on 10G networks generates a great deal of data quickly, and managing the data becomes a significant challenge. The data is typically stored for subsequent retrieval and post-capture analysis. The two most common formats are standard packet files and databases. In either case, two metrics to manage closely are file size and frequency of disk writes. If the files are too large they will be unworkable on the computer being used for analysis. Smaller files lead to more frequent disk writes, and this can rob the system of resources for performing the actual packet capture. Optimum performance is achieved with a balance of these two demands, and this is different depending on the hardware resources available. After a few captures, you can determine if either of these parameters can be better optimized for your system.
Alternately, network analysis solutions are available which write packets directly to disk, significantly increasing disk-write performance and overall throughput for capturing data for post-capture analysis. In cases where limits are difficult to define or implement, this is the best solution.
In the end, paying careful attention to detail when analyzing 10G network management systems will reward you with the analysis and troubleshooting results you desire.