Recently in Network Managment Category

It's called World Cup fever for a reason. With millions of people watching and reading related news online, it undoubtedly increased Internet traffic. In fact, people apparently care more about soccer than they do the presidential election. The very first day of the tournament, traffic exceeded the previous record of 8.5 million views per minute (vpm), which occurred when Barack Obama was elected. According to measurements by Akamai, traffic for news sites on June 11 started to climb steadily at 6 am ET and peaked six hours later, reaching nearly 12.1 vpm.  And the fact that June 11 was a workday didn't stop people from watching. People turned to their office computers to follow the action. Being able to identify high talkers and effectively manage traffic is a must for organizations that want to stay productive and successful.

Below are some considerations for enterprises in regards to their networks during times of high traffic: 

Understand how your network performs normally

The only way a company can improve network performance is to know where they stand in terms of network demands. Then they can measure success against those baselines. By looking at Internet connections, WAN links, WLAN environments and the data center, enterprises can get a sense of how their network normally acts. A network analyzer can also help organize this information into a report that can be used to not only solve issues that currently exist, but also to allow organizations to go back in time to validate performance and bandwidth utilization as necessary.

Prune and clean WLAN traffic

Remove unnecessary traffic. Devices like printers, support stacks and protocols that aren't in use in the environment can be eliminated. Sometimes, protocols that help manage the network, like routing protocols and SNMP can be found, hogging valuable bandwidth without any purpose.

Know your options

Consider a Web surfing policy. The 2010 FIFA World Cup lasts from June 11 through July 11, 2010 and will likely suck up a lot of bandwidth. Having a set policy in place will help keep traffic down and is an option to be explored. However, getting employees to abide by regulations it's often more of challenge than it's worth.

The fact is, it is important to see new trends approaching and make changes to the network to account for an enterprise's behavior. Popular events can erode profitability and corporate security, as employees not only watch but also participate in social media discussions and gamble online. Review network analysis measures and policies now, so when 2014 rolls around, networks stay healthy and humming.

The recent approval for Yahoo to build a massive campus in the heart of Silicon Valley is the perfect example of how wireless networks can grow and evolve. The sprawling campus will consist of thirteen six-story buildings across 3-million square feet. As a result, the 12,000 Yahoo employees will likely become much more dependent on wireless access, demand it from more locations and expect to have the performance and reliability characteristics of the wired network. There are several issues to consider in a wireless campus environment. As new standards come into play like fast roaming, capacity will become even more of an issue. As more people try to access the network in one area, density will increase and put significant strain on the access point resource. Security is always an issue but in a wireless network environment, it's more about the nature of those on the network and their desire to cause harm. Besides coverage, capacity, density and security issues, below are some key considerations for Yahoo and other enterprises that have distributed wireless worlds.

1. Take advantage of a single vendor's access point management system

These management systems are key in a distributed world. Before, there were wireless monitoring vendors called overlays, which offered additional sensors to access points deployed in the network. However, they were costly in terms of power, equipment and network drops. With access point management systems, companies have access to software that can control channels and power on the fly. Depending on the amount of traffic and people accessing one particular point, the power can be adjusted appropriately.

2. Keep an eye on the spectrum

There are still several interferers out there. 802.11n uses an unlicensed spectrum meaning a lot of other technologies share that same spectrum including Bluetooth, cordless phones, video cameras and microwaves. It's important to be aware of interferers, know what they are and how to manage them.

3. Don't forget about troubleshooting

Monitoring the network through access point management systems isn't enough. It only indicates trouble - it doesn't troubleshoot and solve problems. Being at the scene isn't always effective with campus wide networks, especially when you have satellite offices or are spread across acres of land. Enterprises need an analysis and troubleshooting capability on top of management that can be distributed. This can be done through purchasing additional software probes with wireless adapters. Another option is to leverage the network that is already in place by switching thin APs into promiscuous mode, where their only purpose is to receive and collect packets to be analyzed. Lastly, enterprises can equip network USB hubs with wireless adapters that plug into the Ethernet network. This makes the network transparent and businesses can access adapters to use along with their network troubleshooting software anywhere on the network.

Virtualization adoption continues to increase. According to IDC analyst Cindy Borovick, 2010 will be the first year in which the number of deployed virtual servers will actually outnumber the number of physical ones. More and more companies are turning to virtualized environments to streamline application deployment, to simplify IT operations and to allow IT organizations to respond faster to changing business demands. It's worth noting that due to a decrease in price and an increase in administrative tools that make management easier, virtualization is now being adopted even by smaller mid-market organizations.

It's important to remember that network analysis differs a bit in virtual environments because you're dealing with shared resources. In a traditional environment, you would normally span a switch port from a physical Ethernet switch or router and the data would stream across into the appliance. But in the case of a virtual environment, data comes back through a virtual adapter without actually hitting a physical switch. This creates a data blind spot in your appliance and the communication between appliances is never seen meaning problems with the applications go unknown.

In order to combat this blind spot and successfully perform network analysis in a virtual environment it is important to establish goals.  After all there is no big difference between network analysis in a virtual environment and in a traditional one in terms of goals. The only thing that changes is the implementation. Instead of capturing data at the physical layer, you collect data at the level of the virtual switches. As companies consider virtualization, there are five high-level network analysis related considerations that should be addressed... 

• Be specific - know what you want to analyze and focus only on those areas

• Understand your environment - adjust options to only applications or machines needed, settings are there for a reason and you should take advantage of them in order to receive the best performance

• Analyze the essentials - make sure you are only analyzing what you need to know. You should rule out analysis in areas that aren't of importance to your organization

• Know your resources limits - you should have an idea of your CPU expectations, disk space needed and overall CPU load

• Anticipate hardware resources needs - if you want to do post capture, it is essential to make sure you have the proper amount of disk space allocated. It's important to keep everything within a reasonable limit in a virtualized space since you are taking a single computer and optimizing several resources.

The benefits of implementing virtualization for organizations are well documented. Just make sure you're set up to do proper network analysis to keep the network healthy to maximize those benefits. 

Online mobile VoIP (or VoFi) is coming. In-Stat anticipates 171.3 million users by 2013, with annual revenues projected at $10.8 billion ("Mobile VoIP - Transforming the Future of Wireless Voice; In-Stat In-Depth Analysis," Frank Dickson, Sept. 2009). Previously on our blog we've talked about why VoFi and why now, specifically the benefits of VoFi. Now we'll focus on VoFi monitoring, analysis, and troubleshooting.

Before you panic, take a deep breath. Analyzing VoFi traffic is basically the same as analyzing VoIP traffic. Remember though that wireless exacerbates factors such as jitter, latency, and packet loss that affect VoIP. Watch Using VoIP Metrics to Identify Network Problems for the specifics.

Begin at the Beginning: Your End User's Call

When problems arise with VoIP or VoFi applications, you start in the same place. Your first step - before you begin to worry about statistics or packets - is to take the time to listen to representative calls. You want to hear what your end users are experiencing. Your ear will reveal telltale signs of latency, jitter, and packet loss. Be sure your VoIP analysis application supports playback of call audio, specifically the playback of individual RTP streams as well as the playback of the complete call. Without the audio, you can spend hours tracking down problems that aren't due to either the application or the network - for example, clicking due to a damaged handset.

Take Your Network's Pulse

Once you have listened to the call, you'll want to take a look at what's going on in your network.

Figure 1: Overview of Network Health

Immediately you see what you heard - the call quality was poor. The Mean Opinion Score graph gives an average over all calls occurring on your network. In this example there's just one call, so you see the average for the duration of that call.

Dig Deeper

With Expert Events you're able to verify what your ear told you.

Figure 2: Event Summary

With this call, you can see that there are a lot of physical errors: late packet arrival, retries, out of sequence packets, packet loss, excessive jitter, and more. With the cause identified, you can quickly begin to fix the problem. Looking at the call in its entirety, you'll notice the call is closed, it had a successful ending - meaning the call wasn't truncated - what CODEC was used, how long it was, and what the Mean Opinion Score was.

Figure 3: Call Statistics

In this example, the mean opinion score of 2.5 lets you know that the quality of the call was pretty poor. In the media view, you can drill down into each segment leg to determine why the quality was poor.

Figure 4: Call Details - R Factor, Mean Opinion Score, Packet Loss Percentage, One Way Delay, Etc.

Understand the Differences between Wired VoIP and VoFi Calls

The next two figures show both a Wired VoIP call and a VoFi call packet-by-packet. (For an in-depth discussion of these calls, watch Anatomy of a VoFi Call: Packet-by-Packet.) You'll notice that they're pretty similar. The protocols used are different and with VoFi there's the additional step of authentication.

Figure 5: The Anatomy of a Wired VoIP Call

The differences involve: wireless segments instead of wired segments; signal interference; and wireless roaming.

Figure 6: The Anatomy of a Mobile VoIP (VoFi) Call

Learn More

Last week in Toronto, Joe Habib, Director of Global Services, presented "QoS of IP Telephony: Slaying the Three-Headed Beast of Jitter, Latency, and Packet Loss" at IT360. His presentation (PDF) is now available online. If you're interested in ensuring QoS for your current (or future) VoFi deployment, you should definitely check it out.

In the presentation, you will learn:

• What six factors contribute to poor voice quality
•  How to establish metrics for evaluating VoIP call quality
• How to balance high-speed, bursty data requirements with requirements of high quality voice calls
• How to capture data for VoFi Analysis and use VoIP metrics to identify developing problems
• How to analyze a VoFi call packet-by-packet and verify voice quality with call playback

While the cost for 10GbE is coming down and adoption is rapidly rising, there remain challenges in analyzing 10GbE traffic, most notably because the industry has yet to achieve real-time analysis at 10GbE line rates. However, 10GbE analysis is available and does not have to be limiting in terms of results. Below are six questions that will help determine if your organization is fully optimized for analyzing 10GbE traffic.

1. Are you being specific enough?

It's important to know exactly what you want to capture and what information is going to be most beneficial for your analysis. Your requirements will likely vary between each network segment and odds are you are going to have to capture data at several locations. An excellent way to analyze 10GbE traffic, especially when utilization is high, is to use post-capture analysis and only save the data to a disk in real-time. Trying to capture and analyze simultaneously, in real-time, on highly utilized network segments puts much more strain on the system than if you just save data to a disk for post-capture analysis.

2. Do you REALLY know your network?

Knowing how you expect the network to be performing is all the more critical when trying to analyze highly utilized 10GbE segments. If you're already embroiled in a complex network analysis firefight it's too late to realize that your ability to assess "normal" conditions on the network may be lacking. To get a sense of "normal" conditions before trouble arises, you should perform and archive baseline measurements across specific network traffic like HTTP and key business applications over typical cycles - like an hour, a day, and a week, for the network as a whole. Other metrics to consider include understanding packets size distribution as well as protocol and node usage over time, uncovering cycles in these metrics, which provide a "fingerprint" of your utilization. That way you will always have a clear view of the network for comparison when trouble arises. Only after convincing yourself that the basic data is in place and being collected and analyzed should you embark on detailed analysis and drill-down of packet-level data.

3.  Are you sticking to the essentials?

The temptation is to try to capture and analyze everything, especially when the source of the problem is not immediately known. But quite often certain conditions can be immediately ruled out, and using these clues to limit the collection and analysis to only what is necessary dramatically improves network analysis performance. You always have the option to customize analysis by turning off modules that are not important to the current exercise. Modules such as wireless network performance can be turned off, especially in 10GbE analysis, because odds are they are not relevant to the problem being investigated. The key is to customize your usage and take advantage of it.

4. Do you know your limits?

Even after analysis has been streamlined to only essential areas of the network, data capture for network analysis on 10GbE networks generates a great deal of data quickly, and managing the data becomes a significant challenge. Regardless of the system used, the data is typically stored for subsequent retrieval and post-capture analysis. The two most common formats are standard packet files and databases. In either case, two metrics to manage closely are file size and frequency of disk writes. Though intuition may lead you to think that the larger the file size the better, this is often not the case as very large files require very large memory footprints to open. If the files are too large they will be unworkable on the computer being used for analysis. Smaller files, however, typically lead to more frequent disk writes, and this can rob the system of precious resources for performing the actual packet capture. Optimum performance is achieved with a balance of these two demands, and this is different depending on the hardware resources available. One rule of thumb to keep in mind is that if files are being created every 30 seconds or less, it's going to increase strain on achieving the maximum packet capture rate significantly. Starting with reasonable sized buffers and files makes all the difference. We recommend that you start with 256MB buffer for packet capture and 128MB for files to be created. After a few captures you'll quickly determine if either of these parameters can be better optimized for your system. Also, try to use the lowest number of simultaneous captures as possible. In several systems, you're allowed to create as many captures as you want, but you need to remember that for each capture you open more memory is reserved for buffering and less is available for data processing.

5. Are you filtering and slicing?

Filtering is a way of limiting the overall number of packets captured and stored based upon user-specified criteria. Slicing captures and stores all of the packets, but it truncates the packets after a certain length, typically allowing you to store the header information but slice off the payloads. In both cases the same result is achieved, the overall amount of data to store is significantly reduced, freeing up more processing power for capture and analysis and more disk space for storing the data that's truly important to the current analysis task.

6. Are you being reasonable?

Most network analysis systems allow multiple users to connect to the hardware performing critical network data capture and analysis tasks. Put a limit on users. Nominate an owner for each system that will monitor filters and captures. Make sure it's understood who has the authority to go kill a capture. Too many users with too many options is a recipe for disaster. You can always scale with additional systems if needed.

Unless you've been on another planet, you've most likely heard of cloud computing - a computing approach in which the delivery, operation and management of applications, typically those used by corporations, is outsourced to a third party capable of highly scalable operations. In fact, not only has everyone heard of cloud computing, they're adopting it. Pew Research Center reports that 69 percent of U.S. Internet users are now utilizing some form of Internet-based computing.

This sudden surge to the cloud is leading to the perception that monitoring the network within enterprises is less pertinent in maintaining a functional system since applications and problems are being outsourced. Will cloud computing lead to the demise of network analysis? 

We think not. In fact, we believe that network analysis is very important, if not more critical, in cloud computing. Moving to the cloud will surely alter current network analysis processes and priorities, but a solid network is still needed to handle communication between users and applications. The only difference is that the focus of network management shifts from managing infrastructure to managing service availability and performance.

Cloud computing can be thought of as merely a shift of your application servers from your facility to a different location. Common issues within the network remain. Potential bottlenecks, bandwidth hogs and unauthorized protocol usage still adversely affect application traffic. In order to combat these issues, more diligence must be applied in monitoring application performance. It is essential to establish clear, long-term baselines before transitioning the application to the cloud. Additionally, verifying the performance of transactions that cross multiple applications is key in a new cloud environment. 

As with everything related to the network, security is always an area of concern and transitioning to the cloud is no exception. Concerns with security start the instant the cloud vendor is selected. The relationship with a third party to store and process highly sensitive data and applications needs to be closely monitored. The cloud vendor's security policies and procedures should be understood and the appropriate test processes should be implemented within your own organization to ensure these policies are not violated.

By utilizing cloud computing, a company is simply moving the location of applications and shouldn't interpret it as an excuse to forget about the network. The most important matter for companies considering the cloud is to be certain they have their network analysis processes firmly in place before the transition. This will ensure that they are not relying solely on the cloud vendor for advice. Transitioning to the cloud for any business is evolutionary and will be slow and methodical, but sufficient network analysis will further support the company's success in implementing this new technology.  

For a more in-depth discussion of how cloud computing impacts network analysis watch our free 1 hour OnDemand Webcast.

The OmniPeek Plug-ins are flying off the shelves.  And they should, since they are free to customers with maintenance.   There are over 40+ plug-ins available on MyPeek.   Some are more popular than others.   To help you decide which ones to try first, we have taken a look at the stats, and have come up with the top 10 most downloaded plug-ins.

Compass Forensics Dashboard with enhanced Milliseconds view