Tag Archives: network analyzer

The Growth of Data on the Network and What You Should Do about It

More applications, more devices, and server virtualization adoption are all key contributors to the growth of data on networks. Recently, we came across an Infonetics research report that showed that the demand for higher-speed ports (10G, 40G, 100G) rose 62% from 2012. Not a surprise really for anyone in the networking industry.

Data on networks are colossal, and growth continues seemingly unabated.

So what does that mean for a network engineer in terms of monitoring and analyzing data? How should your habits and practices change?

Below we provide four key tactics that network engineers should abide by when handling increased network data.

Continuous Capture
With network backbones either at 10G or greater, it is essential to capture data 24/7. Traditional network analysis in the form of portable troubleshooting is no longer an option. By the time you dig out the network analyzer, find the right port(s) to monitor on the 10G switch, and get things fired up the problem is ancient history. And most laptops aren’t going to have a 10G card in them, and even if they do “standard” network interface cards (NIC) are not up to the task of lossless 10G packet capture. At 10G, you need dedicated hardware that can capture data 24/7 for easy troubleshooting the instant an issue occurs.

Check out this video for more details:

Adequate Storage
Network analysis at 10G requires not just new hardware and 24/7 monitoring, it also requires a different approach. Detailed, real-time analysis is just not practical at 10G – and it’s not required since the problem you’re looking for only encompasses a small subset of the data. What is required is ongoing recording of all network data (packets) so you can “rewind” to the timeframe of interest and perform a more targeted analysis of the specific problem. To do this, you need to store all of this packet data so it’s available when you begin your investigation. For example, if you’re recording at a full 10Gbps, and you have 32TB of disk space in your appliance, you can record about 7.0 hours of network data. Fortunately, even on a 10G network segment, you’re not going to find 10Gbps steady state on the line, so you should have enough storage space even If the problem occurs overnight. However, if you need storage for an entire weekend, you need to carefully plan your disk space against your expected aggregate traffic. One solution is to add an aggregation tap in your network infrastructure. This helps by sending packet data to multiple appliances and increases to overall storage available for heavily utilized high-speed networks.

Proper Capture Points
If you are monitoring a physical network connection, your capture points are pretty obvious, especially when dealing with a network backbone. However, with the increased volume of east-west traffic due to virtualization, you may need to adjust your monitoring points, or add some, to maintain full visibility. The best way to deal with this in a distributed virtual environment is to add a vSwitch into the architecture and use it as the connection point for your network analysis appliance. For more details on this tactic, check out our blog “Where to capture packets in high-speed and data center networks.”

Prioritizing the data you collect is key. Any amount of data that you can filter out increases the overall throughput of data you can monitor and extends the range of your available storage. For example, if you have a lot of web traffic on your network (and who doesn’t), and it’s all encrypted, why not slice all of the payloads off the data? This will significantly reduce the overall volume of data. Or perhaps backups are the biggest source of overnight network traffic. Again, you really don’t need the payloads of backup traffic; you really just want to know that it’s happening and perhaps log some metrics like the latency of the transfers. By leveraging what you know about your own network you can significantly reduce your network analysis needs, and either save money or extend the capabilities of your existing assets.

Combat Network Complexity with a Network Analyzer

So, there you are in the middle of a planning meeting for next year’s budget, when alerts start rolling into your inbox indicating excessive bandwidth usage on one of your subnets. Do you have to excuse yourself from the meeting (in a panic), or can you rest assured that the data you need to troubleshoot the issue is already being collected?

If your first instinct is to jump up and get back to your work area to try to catch the issue while it’s still happening, knowing that if you miss it you’ll be facing the tedious task of trying to recreate the problem on your network, your network monitoring and troubleshooting system is inefficient. Your network is your business communication lifeline and if you cannot trust the systems you already have in place to capture the data you need as problems are happening, your business cannot function efficiently.

As network traffic  increases and new technologies and capabilities are added into your IT infrastructure, your ability to address issues reactively is significantly reduced. Therefore, you need network monitoring and analysis solutions in place that allow you to remain proactive, identifying and addressing issues as they happen, enabling detailed analysis without having to reproduce the problem, or waiting for it to happen again.water walking ball

Enter the network analyzer. A network analyzer captures each and every packet transmitted on a network, enabling detailed analysis of both the packet header and the payload, resulting in the most detailed view possible of all network transactions. When network analysis is deployed for 24×7 data capture, network traffic is constantly monitored, analyzed, and recorded, eliminating the time-consuming task of reproducing network issues, reducing the frustration of waiting for an issue to happen again, and providing sufficient detail to unequivocally address the major issue facing network engineers today: Is it the network or the application?

When looking at a network from a business perspective, a network analyzer can help you streamline many processes for solving network problems. They can also provide you with unmatched visibility and understanding of what the “normal” behavior of your network is, so you know exactly when your network starts to diverge from “normal.”

Here’s what you should be looking for when selecting a network analyzer, and how it can help you manage your business communication lifeline.

Detail Oriented:
Network engineers have a variety of tools, but many of them can only show a high-level view of what is happening on the network. For ongoing monitoring, that may be just fine, but once a problem is identified these tools lack the depth of information required  to address complex issues, and let’s face it, just about every network problem is complex. Network analysis solutions based on deep packet inspection show you exactly what is happening, down to the most significant details.

A Single Solution:
So, knowing that you’re going to need the details provided by a network analysis solution to solve network issues, and we’re not bragging but 20+ years of experience indicates that’s the case, why not implement a single solution based on deep packet inspection? Since all packet traffic is being captured and analyzed, network analysis solutions based on deep packet inspection also make excellent sources for the higher-level, statistical data often associated with network monitoring solutions, like those based on flow-based technologies. A single solution always makes business sense, reducing not only the upfront costs, but also the recurring costs of maintenance and training. And as networks continue to get faster and more heavily utilized, off-loading statistical network data collection from the network devices themselves to a dedicated network analysis appliance just makes sense.

Serving as a Second Opinion:
Many network analyzers also address specific protocols, like voice or video. On many networks, the standard operating procedure for VoIP is to rely on the management software that was supplied with the VoIP system for monitoring and analysis, but this is a bit like trusting the fox with the hen house. With a network analysis solution in place, you can use it to provide a second opinion on your overall VoIP performance. You may be surprised at what you find.

And if you have a heterogeneous VoIP solution, you’ll need an independent VoIP analysis capability anyway, so why not use your network analysis solution, further increasing its value.

See Problems Before They Happen:
Many analyzers also provide expert analysis capabilities, constantly monitoring your network for common (and not so common) network issues so you can see problems the instant they begin to develop. And once alerted to these issues, your network analysis solution has all of the data already in place to quickly identify the root cause of the problem.

Network Baselines:
Network analyzers can (and should) be used to provide baselines of overall network and application behavior, arming you with the information you need to determine when conditions change abruptly on your network. Maybe there is a highly predictable spike in network traffic around noon each day when people “working” at their desks over lunch spend time accessing YouTube. Understanding this will help you determine when network spikes are worth analyzing, and when they’re just part of your overall network behavior.

Network Recording:
Network recording is another key element in overall network analysis. All network analyzers buffer some amount of network traffic, but network recording provides the capability to store all network traffic, at the packet level, for days at a time. With this capability, you never need to run back to the office to capture a spurious problem, and you never have to waste days trying to reproduce a network issue. The entire history of all network transactions, at the network layer, is readily available to you.

And it’s not just about capture and storage. Be sure that your network analysis solution provides some level of real-time statistical reporting while recording, and that rewinding and analyzing the data is quick and intuitive

Now, considering the solutions and processes that you currently have in place, do you think that you are getting the most out of your network monitoring capabilities? Perhaps a network analysis solution based on deep packet inspection is what you really need to fill in the holes in your current solutions and processes.

IP Video – It’s like Living with a Teenager

Teenagers. Maybe you have one (or more) at home; maybe not. But we’ve all been one, so I know you can relate. Moody and unpredictable. Overly sensitive. Taking up more space than any human has a right to. High maintenance. They’re just so adorable.

Well, it turns out we have an exploding data type on our networks that behaves much the same way – IP video. In a recent whitepaper by Cisco, it was reported that all forms of video (TV, VoD, Internet, and P2P) will be approximately 90% of the global consumer Internet traffic by 2015. And per the report, that’s 90% of what will be 966 exabytes, or nearly a zettabyte, of IP data. To see what that looks like graphically, check out this link. Although video traffic on the enterprise side will not be as heavy as that on the consumer Internet, it will increase dramatically nonetheless, and will certainly be much more than 50% of the enterprise network traffic by 2015. It looks like you’re going to need both network management and high school guidance counselor skills by 2015 to manage enterprise networks.

With this dramatic increase in video traffic, video will be in competition with enterprise corporate data, enterprise application access, SaaS, and cloud computing. And given its tendency towards teenage behavior, you’re going to have your hands full. Below are a few details of how the characteristics of IP video can adversely affect your enterprise network.

Video is “bursty,” or in the teenage analogy, unpredictable, which is an undesirable characteristic for networks that work best under stable conditions – predictable and consistent. Packet sizes range all over the place, and often hit the network in large bursts. And of course these bursts are tagged with high QoS (quality of service) tags, so they take precedence over your other mission critical application data. Characterization of your IP video traffic, including weeding out business traffic from surfing, is critical to the health of your enterprise network.

Space Hog
Video is a bandwidth hog. One HD video stream can consume up to 20Mbps of bandwidth. So if five people are trying to stream a movie, it means that they are taking up 100Mbps of your network. This may not seem like a ton of traffic, but depending on the distribution of these users on your network, and the number of users serviced, bandwidth availability can certainly become an issue. And remember, the amount of video on your network is increasing all the time.

Overly Sensitive
Video is also very sensitive to latency, jitter and packet loss, even more so than voice, which we covered in this blog post. These sensitive protocols demand that your network is performing at its peak level to ensure that these issues are minimized. As video becomes more common on the network, performance demands will continue to grow and become harder to reach. Specific metrics and demands of latency, jitter, and packet loss are described in more detail below with this video segment and graph:

Due to the high performance demands of video, it is typically tagged for the highest QoS delivery as I mentioned earlier. However, as video traffic starts exceeding data traffic, enterprises will need to maintain different quality of service between users or video types since it is self-defeating for most of the traffic on a network to have the highest QoS tagging.

As video continues to grow, or as some might say invade, your enterprise network, it is more important than ever to plan and design your network to carry video. And just as the teenage years pass, the video phase will also pass in time, allowing networks to again hum along in a predictable pattern. That is, until the next disruptive technology come along! In next week’s blog, we’ll be providing some best practices on designing, monitoring, and managing your network to help that teenager grow up.