pointer

Monthly Archives: June 2011

Tackling a 3-headed beast – Latency, Jitter, and Packet Loss – for VoIP and Video

Posted on by .

    VoIP monitoring and troubleshooting are now table stakes for any respectable network analysis system, and video monitoring is quickly becoming so as well as enterprise networks get bogged down under the weight of streaming video, often for extracurricular reasons. Fortunately VoIP and video over IP share an important characteristic – both are real-time protocols with unique network performance requirements. When your quest is problem-free VoIP and Video experience for your end users, you must tackle and slay Latency, Jitter, and Packet Loss.

    Latency
    You’re probably already familiar with latency. Ever watched the news and listened to a story being broadcasted from the other side of the world? As the signals get bounced from satellite to satellite and, ultimately, to your TV’s receiver, the delay might cause the news anchor and correspondent to interact out of sync. A person who is listening expects to hear the other’s voice in certain amount of time; when this doesn’t happen people start talking over each other. This can happen on your network as well. These delays cause the conversation to come off as unnatural and callers feel like they must “push to talk” or say, “over” to control the conversation and let the other person know that they have finished their thought.

    The bright side is that packet-based analysis can measure latency, letting you know whether or not excessive latency is an issue on your network. This way, a network administrator can identify the problem in real-time and solve it before latency issues get worse. How long is too long? That’s somewhat dependent on each situation, but certainly latencies of 100 msec or longer are cause for concern, especially if they are common. In extreme cases, prolonged latencies can cause serious degradation to VoIP calls, including missing words or phrases.

    Jitter
    Jitter doesn’t have the same simple, real world example as latency, but its effects are just as real. Jitter causes static and other audio anomalies, like stuttering, uneven audio and abnormal speech rhythm, in VoIP calls. Jitter is caused when the data packets that make up the VoIP call are not delivered at regular intervals to the receiver. Regular delivery of IP packets is required for the final digital to analog conversion at the receiver to work correctly. A typical receiver expects packets to be delivered every 20 msec, no more and no less. When the packets start to deviate from this expected delivery sequence, jitter happens.

    Jitter can be even more detrimental in multimedia systems. With jitter, videos become jerky or irregular and very difficult to watch. If jitter levels become too high, packet loss can result, with a resulting loss of data.

    Packet Loss
    And speaking of packet loss, it is just as the name implies. Some packets, meaning some critical media data, never make it to the receiver. Packet loss causes missing sounds, syllables, words or phrases. DSP algorithms may compensate for up to about 30 ms of missing data, but anything more and the algorithms can’t compensate for the data loss.

    Real-time protocols like VoIP and video are much more susceptible to packet loss than traditional network data, since there is very little cushion to wait for missing data or to put out-of-order data back into the right sequence. After about 150 msec or so, any data that is missing or out of order is essentially lost forever, since there is no way to properly reconstruct and maintain the real-time data stream, and this creates gaps (packet loss) in the data.

    Gaps of more than 30 msec are noticeable to listeners. An average person speaks at a rate of 200 words per minute. That translates to about 3.33 words/sec = 300 ms per word. For G.711, we would need to lose 15 consecutive RTP packets to lose a whole word. Dropping 15 packets/sec for G.711 would be a loss rate of 30%, but losing only a few packets can still be very noticeable. As a general rule of thumb, loss of more than 2 consecutive packets will be heard. Loss rates > 2% will have a strong impact on quality. Losses of 5-10% make calls all but intolerable. Another good rule of thumb is that bursty periods of packet loss are worse than more dispersed loss.

    These problems are very common and as more companies move their communication systems onto digital networks, they will only happen more frequently. It is important to have network monitoring and troubleshooting solutions that provide full visibility into all the types of data streaming on your network.

      Practice Safe Networking: Considerations for Choosing Troubleshooting Solutions

      Posted on by .

        The network is like a circulatory system, with the packets as the blood cells which carry markers that indicate when one of the subsystems isn’t doing what it’s supposed to be doing. In the case of a network, the symptoms seen by the broader organization are typically slow response times or interruptions in accessibility.

        The best technology solutions allow a network administrator to rein in their networks and allow for maximum up-time by providing definitive visibility coupled with an efficient work flow. This coupling requires tight integration between monitoring and troubleshooting capabilities. A clear, graphical presentation of monitoring data is an ideal starting point, but the ability to drill down to lower levels of detail to solve difficult problems as needed is the real kicker. Further, real-time information must be paired with a sufficiently rich historical data store. When this is done, the context of conditions that lead up to an incident can be properly included in the analysis process, allowing intermittent problems to be found and studied in sufficient detail without having to wait for a recurrence before beginning analysis and resolving.

        There are many technology options for performance monitoring and management. Some start with high-level data, typically traffic volume or quality metrics, and stay there. The result is grand vistas of the managed environment, but limited help with where to turn when performance problems occur. Others start with the lowest level of data, such as network packet traces, and stay there. The result is you often get everything you need to analyze problems, if you happen to be in the right place to capture a trace in the first place. The trick is to find a solution that provides definitive actionability, but can also let you see the larger managed network environment and how it all fits together.

        The next area of consideration when planning your network monitoring system is the need for comprehensive coverage – considering both breadth and depth in order to deliver the best possible value. A performance monitoring architecture exhibiting adequate breadth must draw data from multiple points across the service delivery infrastructure. In topological terms, this means establishing measurement points in the core, distribution, and access layers. In architectural terms, this means instrumenting data centers, WAN provider edge points, internet and customer connection points, and branch facilities. Within core networks, and in particular within data centers, solutions must be able to support very high capacity technologies, including Gigabit and 10 Gigabit Ethernet.

        A special mention is needed here about monitoring wireless access networks. With security concerns steadily declining due to improvements in technology and practice, wireless network access is becoming the norm. What this means for the average operations team is that they need to become savvy in managing performance within the wireless realm. Wireless poses many challenges for organizations, which may have tools for rollout and administration of access points, but no means for troubleshooting issues that occur within this new access layer. The answer is to find products that are designed to bring the network performance viewpoint into the wireless realm (as much as is readily available in the wired world today). Ideally, those tools should be the same ones you are using on the wired side of your networks, so there is no discontinuity or learning curve when moving from one domain to another.

        Lastly, it is essential to adopt performance monitoring and management strategies that are inclusive of all types of traffic that will be present within the service delivery infrastructure at any point in time. This means not just Web traffic, but file transfers, routing protocol updates, IP voice traffic, client-server, database queries, transactions, video streaming, and protocols specific to industry verticals, such as financial trading or utility infrastructure controls. Without such comprehensive views, the interaction between various network-attached devices and applications cannot be fully understood, and hence the ability to troubleshoot all potential performance problems will be reduced.

          Avoid a PR Nightmare – Two Tips for Responding to Data Breaches

          Posted on by .

            It’s almost summer and it appears to be that time again – time for cyber security to dominate the headlines: EU agreed to create a cybercrime unit; Citigroup announced a data breach affecting 200,000 Citibank credit card accounts in North America (1% of its credit card customers); and in brighter news, three people suspected to be responsible for the April denial-of-service (DoS) attacks on Sony were arrested.

            Financial institutions and governments aren’t the only ones susceptible to attack. Sony is frequently in the headlines, its name linked with “leaks,” “hacks,” and ‘breaches” – a PR nightmare. In 2009, Sony couldn’t keep its product roadmap a secret, with Engadget posting leaked photographs of the PS3 Slim and Sega of America publishing meeting notes. This April, the PlayStation Network was hacked and taken offline. A few days later, Sony was in the news again: a compromise of Sony Online Entertainment that affected 24.6 million customers. To put this in perspective, Sony’s recent breach affects 120x the number of people impacted by the Citigroup breach. Analysts estimate the cost of the breach to Sony to be between $1.6 million to $1.25 billion.

            Here are two things you can do today that will improve your ability to respond to breaches.

            1. Review and update your processes.

            According to a July 2010 study by Verizon Business RISK team, 67% of network breaches were aided by significant errors, with 87% considered avoidable through simple or intermediate controls. Are your processes up to snuff? Are your employees following them? Is it time for retraining?

            2. Record the breach.

            Your Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) can alert you to a security attack or block a repeat attack. But what if you find out about the attack when you’re not watching or after the fact? If you weren’t recording your network traffic, you may miss valuable data. Network recorders, such as the TimeLine Network Recorder, are appliances designed to capture, store, analyze, and mine high speed network traffic. With the recording you can determine exactly how an attack happened, what damage has been done, and perhaps even the source of the breach.