Category Archives: Network Management

Sniffing Out Your Network’s BYOD Problems

Bring Your Own Device (BYOD) is here to stay. Why do we say this? We’ve noticed it in our own customers’ habits, through surveys, and most importantly in our own behavior.

SC Magazine recently reported on a survey from Sophos Labs on the number of mobile devices per person per country. The US ranked second at 3.0 devices per person, with Germany taking the lead at 3.1. In another recent survey from OVUM, one third of employees reported that they are using their personal device to do work without informing their IT department. So, even if employers strictly forbid BYOD, employees are accessing data on their personal devices.

Whether you are actively trying to create a BYOD policy or trying to squash it altogether, you should have a plan in place to ensure that BYOD is not hogging bandwidth or introducing security risks on your network. Here are a few really easy steps to help sniff out BYOD problems that are, or could be, lingering on your network.

Create a Wi-Fi SSID specifically for mobile devices
This provides folks with an easy way to access the Internet, but not the internal network, which is what most users want anyway. Why do we like it? It’s a simple, proactive step that shows that IT is working with users and reacting to their needs. And if access to internal networks is necessary, it is quite easy to set up VPN access over this dedicated Wi-Fi network, giving employees the access they need for mobility while providing a single point of management for mobile users.

Manage access to the network
Once you’ve established a dedicated entry point for your mobile users, the next step is to manage their access. First, you can decide whether or not you want security on this network, whether for the users’ protection, the company’s protection, or both. We strongly recommend the use of strong wireless security, like WPA2, but issues like simplicity of guest access may factor into your decision. Perhaps you’ll want to offer several dedicated Wi-Fi networks, one for your trusted corporate users with WPA2 and one that’s open for guests?

Again, requiring VPN access for your corporate users is key if they are going to access company assets, whether data or applications. It’s best to set up a VPN structure that is separate from overall wireless security, since you can’t guarantee that users will always be using the dedicated corporate wireless network. When traveling, your mobile employees will still demand access, even over untrusted wireless networks like those in hotels and coffee shops. Your best defense is to always require a VPN connection to access corporate data.

Track Mobile Users
Once you’ve committed to working with your mobile employees you’ll want a way to track their access and usage so you can continue to respond to their network needs based on accurate data. The best way to do this is with a packet-based wireless network (WLAN) analysis solution. There are two main approaches when using such a system.

The first approach is by using portable analysis for troubleshooting and routine baseline measurements. With a portable solution you simply put the analyzer in the area to be monitored and let it run. Portable analysis can show you who is accessing your network, how much bandwidth they are using, as well as the applications they are running. The flexibility of this technique makes it a perfect fit for the uncertainties of managing mobile devices.

The second approach is to use packet-based network recording. The software and analysis in this approach are similar to those for portable analysis, but in this case you record all wireless network traffic, at the packet level, for detailed analysis at a later time. Network recording allows you to be more flexible, and more responsive, to network problems, and it also allows for detailed usage-level analysis, including policy compliance. Network recording requires the deployment of dedicated probes that collect wireless network traffic 24×7.

Regardless of your approach, keep in mind that mobile access is quite different from wired access, so monitoring and troubleshooting techniques need to adapt to this new workflow. One key area to address is roaming. Given the limited range of a single access point, typically a few hundred feet within buildings, mobile users move from access point to access point as they move around the WLAN. This is called roaming. At the protocol level, a roam is a fairly complex transaction, and it exposes the users to short periods where no network is available. Typically these periods are no more than a few hundred milliseconds or less, and the users continue to work just as if nothing happened. But roaming is one of the key contributors to WLAN connectivity issues, so effective monitoring for roaming is very important.

As a network administrator, troubleshooting roaming issues can be complex because a roaming user moves from one AP to another as well as from one channel to another. To effectively analyze roaming events you need a WLAN analysis solution that monitors multiple channels simultaneously, and compiles the data into a single analysis session. This allows you to track the movement from one channel to another and report the time it takes for the user to make the transition. Roaming events can simply be logged, or tracked by AP or station, which greatly simplifies roaming analysis and quickly identifies problem areas.
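The roaming analysis described above, as an added example that is not part of the original post or any WildPackets product: per-channel captures are merged into one timeline and each AP-to-AP transition is timed. The frame records, station and AP names, the 300 ms "slow" threshold, and the definition of roam time (last frame on the old AP to the reassociation response from the new AP) are assumptions made for illustration.

```python
import heapq
from collections import namedtuple

Frame = namedtuple("Frame", "ts channel kind station bssid")

# Constructed per-channel captures, each already in time order (ts in seconds).
CH1 = [Frame(10.000, 1, "data", "sta-a", "ap-lobby"),
       Frame(10.480, 1, "data", "sta-a", "ap-lobby")]
CH6 = [Frame(10.560, 6, "reassoc-resp", "sta-a", "ap-hall"),
       Frame(10.570, 6, "data", "sta-a", "ap-hall"),
       Frame(20.000, 6, "data", "sta-b", "ap-hall")]
CH11 = [Frame(20.900, 11, "reassoc-resp", "sta-b", "ap-lab"),
        Frame(20.910, 11, "data", "sta-b", "ap-lab")]

def find_roams(*captures, slow_ms=300.0):
    """Merge per-channel captures into one timeline and report AP-to-AP roams.

    Roam time is measured from the station's last frame on the old AP to the
    reassociation response from the new AP (an assumed definition).
    """
    last = {}    # station -> last Frame seen on its current AP
    roams = []
    for f in heapq.merge(*captures, key=lambda fr: fr.ts):
        prev = last.get(f.station)
        if prev is not None and f.bssid != prev.bssid:
            if f.kind != "reassoc-resp":
                continue  # frame tied to another AP without a completed roam
            gap_ms = round((f.ts - prev.ts) * 1000, 1)
            roams.append({"station": f.station,
                          "from": (prev.bssid, prev.channel),
                          "to": (f.bssid, f.channel),
                          "gap_ms": gap_ms,
                          "slow": gap_ms > slow_ms})
        last[f.station] = f
    return roams

def roams_by_ap(roams):
    """Count slow roams per destination AP to point at problem areas."""
    counts = {}
    for r in roams:
        if r["slow"]:
            counts[r["to"][0]] = counts.get(r["to"][0], 0) + 1
    return counts

if __name__ == "__main__":
    for r in find_roams(CH1, CH6, CH11):
        print(r)
```

A single-channel capture would see only one side of each transition, which is why the merge step comes first.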

Sniff out Rogue Users
Even with strong security and user access control in place you will still have rogue devices connecting to your network. These could be just new devices from trusted employees, or they could be true security threats from hackers. Packet-based wireless network analysis is also very helpful in identifying rogue users, regardless of their intentions. First, you can specify which devices are trusted based on previous network scans, making it very easy to isolate new users or devices on your WLAN. Also, common devices like iPads, iPhones, or MacBooks have a unique signature and are easy to identify within a network, making it easy to see not only who but what is accessing the WLAN. Once a rogue is identified, a few minutes of watching network behavior based on a filtered view of just that user will indicate the user’s overall intentions, allowing you to indicate friend or foe and guiding your next steps.
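One way to implement the trusted-baseline comparison described above, as an added example that is not from the original post: every source MAC missing from an earlier scan is summarized by traffic volume and the APs it used. The MAC addresses, AP names and record layout are constructed; the check for locally administered addresses is an added caveat, since devices that randomize their MAC will never match a MAC-based baseline.

```python
def normalize(mac):
    """Lower-case, colon-separated form so baseline and capture compare equal."""
    return mac.strip().lower().replace("-", ":")

def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set, as in OS-randomized MACs."""
    return bool(int(normalize(mac)[:2], 16) & 0x02)

def unknown_devices(trusted, observations):
    """Summarize every source MAC that is absent from the trusted baseline.

    observations: iterable of (ts, src_mac, bssid, nbytes) taken from a capture.
    """
    baseline = {normalize(m) for m in trusted}
    found = {}
    for ts, mac, bssid, nbytes in observations:
        mac = normalize(mac)
        if mac in baseline:
            continue
        dev = found.setdefault(mac, {
            "mac": mac, "first_seen": ts, "frames": 0, "bytes": 0, "aps": set(),
            # A randomized MAC may still be a trusted user's phone: verify by
            # other means (VPN or 802.1X identity) before treating it as hostile.
            "randomized_mac": is_locally_administered(mac)})
        dev["first_seen"] = min(dev["first_seen"], ts)
        dev["frames"] += 1
        dev["bytes"] += nbytes
        dev["aps"].add(bssid)
    # Heaviest talkers first, so the filtered per-device review starts there.
    return sorted(found.values(), key=lambda d: d["bytes"], reverse=True)

# Constructed sample data: baseline from an earlier scan, then a new capture.
TRUSTED = ["00-00-5E-00-53-01", "00:00:5e:00:53:02"]
OBSERVED = [
    (100.0, "00:00:5E:00:53:01", "ap-lobby", 1200),
    (101.5, "00:00:5e:00:53:7f", "ap-lobby", 900),
    (102.0, "da:a1:19:00:00:01", "ap-hall", 64000),
    (103.2, "DA:A1:19:00:00:01", "ap-lab", 52000),
    (104.0, "00:00:5e:00:53:7f", "ap-lobby", 300),
]

if __name__ == "__main__":
    for dev in unknown_devices(TRUSTED, OBSERVED):
        print(dev)
```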

As the Borg say, “Resistance is futile,” so embrace BYOD. Working with users and providing realistic solutions is much more effective and will provide the ongoing control you need to deal with this new form of network access.

The Growth of Data on the Network and What You Should Do about It

More applications, more devices, and server virtualization adoption are all key contributors to the growth of data on networks. Recently, we came across an Infonetics research report that showed that the demand for higher-speed ports (10G, 40G, 100G) rose 62% from 2012. Not a surprise really for anyone in the networking industry.

Data on networks are colossal, and growth continues seemingly unabated.

So what does that mean for a network engineer in terms of monitoring and analyzing data? How should your habits and practices change?

Below we provide four key tactics that network engineers should abide by when handling increased network data.

Continuous Capture
With network backbones either at 10G or greater, it is essential to capture data 24/7. Traditional network analysis in the form of portable troubleshooting is no longer an option. By the time you dig out the network analyzer, find the right port(s) to monitor on the 10G switch, and get things fired up, the problem is ancient history. Most laptops aren’t going to have a 10G card in them, and even if they do, “standard” network interface cards (NICs) are not up to the task of lossless 10G packet capture. At 10G, you need dedicated hardware that can capture data 24/7 for easy troubleshooting the instant an issue occurs.

Adequate Storage
Network analysis at 10G requires not just new hardware and 24/7 monitoring, it also requires a different approach. Detailed, real-time analysis is just not practical at 10G – and it’s not required since the problem you’re looking for only encompasses a small subset of the data. What is required is ongoing recording of all network data (packets) so you can “rewind” to the timeframe of interest and perform a more targeted analysis of the specific problem. To do this, you need to store all of this packet data so it’s available when you begin your investigation. For example, if you’re recording at a full 10Gbps, and you have 32TB of disk space in your appliance, you can record about 7.0 hours of network data. Fortunately, even on a 10G network segment, you’re not going to find 10Gbps steady state on the line, so you should have enough storage space even if the problem occurs overnight. However, if you need storage for an entire weekend, you need to carefully plan your disk space against your expected aggregate traffic. One solution is to add an aggregation tap in your network infrastructure. This helps by sending packet data to multiple appliances and increases the overall storage available for heavily utilized high-speed networks.

Proper Capture Points
If you are monitoring a physical network connection, your capture points are pretty obvious, especially when dealing with a network backbone. However, with the increased volume of east-west traffic due to virtualization, you may need to adjust your monitoring points, or add some, to maintain full visibility. The best way to deal with this in a distributed virtual environment is to add a vSwitch into the architecture and use it as the connection point for your network analysis appliance. For more details on this tactic, check out our blog “Where to capture packets in high-speed and data center networks.”

Prioritization
Prioritizing the data you collect is key. Any amount of data that you can filter out increases the overall throughput of data you can monitor and extends the range of your available storage. For example, if you have a lot of web traffic on your network (and who doesn’t), and it’s all encrypted, why not slice all of the payloads off the data? This will significantly reduce the overall volume of data. Or perhaps backups are the biggest source of overnight network traffic. Again, you really don’t need the payloads of backup traffic; you really just want to know that it’s happening and perhaps log some metrics like the latency of the transfers. By leveraging what you know about your own network you can significantly reduce your network analysis needs, and either save money or extend the capabilities of your existing assets.
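The payload slicing described above, as an added example that is not from the original post or any WildPackets product: packets on TCP port 443 are cut back to their Ethernet, IPv4 and TCP headers while everything else is kept whole. It assumes a classic little-endian pcap file with untagged Ethernet and IPv4; the sample capture is constructed.

```python
import struct

PCAP_MAGIC_LE = b"\xd4\xc3\xb2\xa1"   # classic pcap, little-endian, microsecond stamps

def sliceable_header_len(pkt, port=443):
    """Length of Ethernet+IPv4+TCP headers if pkt is TCP on `port`, else None."""
    if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
        return None                      # not untagged IPv4/TCP: keep whole packet
    tcp = 14 + (pkt[14] & 0x0F) * 4      # IPv4 header length from the IHL field
    if len(pkt) < tcp + 20:
        return None
    sport, dport = struct.unpack("!HH", pkt[tcp:tcp + 4])
    if port not in (sport, dport):
        return None
    return tcp + (pkt[tcp + 12] >> 4) * 4  # add TCP header length (data offset)

def slice_pcap(data, port=443):
    """Return a copy of the capture with payloads of TCP/`port` packets removed."""
    if data[:4] != PCAP_MAGIC_LE:
        raise ValueError("only little-endian classic pcap is handled")
    out, off = bytearray(data[:24]), 24
    while off + 16 <= len(data):
        sec, usec, incl, orig = struct.unpack("<IIII", data[off:off + 16])
        pkt = data[off + 16:off + 16 + incl]
        keep = sliceable_header_len(pkt, port)
        if keep is not None:
            pkt = pkt[:keep]
        # orig_len is preserved so byte counts and throughput stay measurable
        out += struct.pack("<IIII", sec, usec, len(pkt), orig) + pkt
        off += 16 + incl
    return bytes(out)

def sample_packet(dport, payload_len):
    """Constructed Ethernet/IPv4/TCP frame with a dummy payload."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + payload_len, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", 50000, dport, 0, 0, 0x50, 0x18, 1024, 0, 0)
    return eth + ip + tcp + b"\xaa" * payload_len

def sample_pcap():
    """Constructed capture: one 1400-byte HTTPS packet, one 200-byte port-80 packet."""
    pkts = [sample_packet(443, 1400), sample_packet(80, 200)]
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", i, 0, len(p), len(p)) + p
                          for i, p in enumerate(pkts))
```

On the constructed capture the file shrinks from 1764 to 364 bytes, and because the original length field survives, utilization and latency metrics can still be computed from the sliced recording.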

Why Customers Choose WildPackets

Customers come to us for a multitude of reasons. Some aren’t happy with their current network monitoring solutions; others are experiencing network glitches that they cannot solve; and some simply need a cohesive analysis solution. WildPackets offers a suite of products that bring customers to us from far and wide, many of whom need specific capabilities in their monitoring solution. Let’s take a look at just a few of the reasons WildPackets is the leading network analysis solution.

10G Analysis
WildPackets led the way in 10G analysis, being the first to introduce a network recorder to break the 10G barrier. When our TimeLine network recorder was introduced in 2010 it was the only network recorder to capture and store packet-level data, with no data loss whatsoever, at 11.7Gbps. Since then, WildPackets has continued to refine TimeLine, offering even more real-time statistics, increasing our overall data throughput, and adding support to capture directly from 40G network segments.

Network Forensics
Going hand-in-hand with network recording is network forensics. As you’re streaming packets to the network recorder perhaps you see a troubling trend in the real-time dashboard, or maybe a user enters a trouble ticket. Network forensics allows you to analyze a subset of your recorded data while the overall high-speed capture continues uninterrupted.

Often associated with security, network forensics goes well beyond security and also helps solve far more common issues on your network, like spikes in utilization, drops in VoIP call quality, and increased latency in both network and application performance. If a problem does occur, you no longer have to try to recreate the problem, which is typically the most time consuming task in any troubleshooting session. Instead, with TimeLine, you simply go back in time, find the problem on the dashboard, and solve it.

Remote Analysis
The days of using a laptop to perform portable analysis, especially on high-speed wired networks, are now extinct. Corporate networks are highly distributed, even for small to medium sized businesses. Even if your company operates from a single location, odds are you host some services remotely, and use some level of software-as-a-service (SaaS), making it difficult to always be where problems are occurring. WildPackets’ Omni Distributed Analysis Platform provides a wide range of options for remote network analysis, from “lightweight” software solutions like OmniPeek Remote Assistant and OmniEngine software probe, to high performance network recording appliances like TimeLine. With a WildPackets solution, network engineers can monitor and analyze highly distributed network architectures without ever leaving their desks.

Top-Down Approach to Network Monitoring
For an overall, top-down view of any network segment, customers find WildPackets’ flagship OmniPeek network analyzer most helpful, whether as a portable analyzer or as a console to any of our remote analysis solutions. OmniPeek provides complete visibility into your network – including Ethernet, Gigabit, 10G, 802.11a/b/g/n/ac, and VoIP and video. OmniPeek provides visual context into the network so that even junior IT staff can drill down into performance problems and solve performance issues across multiple network segments. This ensures maximum network uptime and user satisfaction.

The Full Suite of Network Monitoring and Analysis Products
And for a complete view across your entire network, WildPackets offers WatchPoint network monitor. This solution builds on our suite of distributed analysis products and provides a comprehensive graphical interface of overall network performance, including top talkers, top applications, overall utilization, VoIP performance, and detailed reporting of detected network and application problems (Experts). WatchPoint also provides a direct link for detailed, packet-level analysis to determine the root cause of any issue.

What is your favorite WildPackets product? Feel free to leave us a comment and share your thoughts.