pointer

Tag Archives: Protocol Analysis

Preventing Bandwidth Issues

Posted on by .

    First, a quiz: In the following scenario, do you think this is a network, device or application problem?

    Users are continually experiencing garbled and choppy VoIP calls, Internet connections are slow, and you are receiving complaints of poor video quality.

    If you answered network bandwidth issues, you are correct. With video becoming the primary data type on networks of all types, it’s a lot easier for networks to become strained and overused, and often not by mission critical traffic.

    If you are consistently experiencing these problems, here are some helpful steps to take to prevent bandwidth issues.

    Step 1: Create a baseline
    It’s always important to know what your bandwidth needs are based on the number of users and the types of applications that are running on your network. Know who is using what, when, where, and why in regards to network segments. This will help you understand the overall demand on your network and allocate bandwidth appropriately. It will also allow you to quickly determine when network usage is exceeding norms.

    If new applications, new users, or new devices are introduced be sure to reevaluate your baseline usage.

    Step 2: Prioritize critical business applications and tie baseline protocols and usage to those applications
    Each network segment may have different protocol priorities because of the specific applications that traverse those segments. Top applications need to be handled based on business importance for the segment they are individually on.

    That said, even if you prioritize your business applications, any protocol that is not performing well could affect overall application performance. In order to determine what application might be causing problems, it is essential to have a network analyzer that can break down and show individual flows and their performance. The network analyzer can provide visibility into the weakest link as well as options to sort application flows with various criteria choices.

    Step 3: Use packet shaping technologies
    Packet shaping allows you to prioritize certain network traffic, like key applications or real-time data (like VoIP) over other, less critical traffic on your network. For example, if you run an online store that is the backbone of your business, HTTP traffic to and from your web servers is critical. Packet shaping technology can give this traffic priority over everything else, ensuring the best possible user experience for your online customers.

    Step 4: Prune your protocols/traffic
    Most corporate networks have unnecessary traffic which can consume precious network bandwidth needlessly. Check for protocols that may no longer be necessary on your network, or that could be network hogs, like SNMP, to determine if they still have a purpose or if they are being misused. If they are no longer mission critical, make sure your packet shaping technology treats this traffic with the lowest possible priority.

    Along with continuously pruning your network, be sure to constantly monitor your network. The best monitoring solutions will allow you to archive packet data to disk, providing a complete recording of network activity. When your monitoring solution indicates problems, simply “rewind” your network to determine exactly what the issue is. Whether it’s a surge in web-based sales due to your latest promotion, or employees streaming the Stanley Cup playoffs, it’s up to you to know what your network can handle, and up to your network monitoring and analysis solution to let you know when bandwidth issues are about to occur.

      Packet and Protocol Analysis Are the Same Thing, Right?

      Posted on by .

        These two approaches in network analysis are often mentioned synonymously, but one is more thorough than the other. Do you know which one? If yes, then no enjoy this refresher blog post. If no, then let us explain.

        Protocol analysis is a subset of packet analysis. Protocol analyzers interrogate packet headers to determine if the protocol is being used for communication, and what type, like HTTP. This form of analysis is strictly for the communication layer and is best served if you are trying to solve basic connectivity or configuration issues or simple timing issues.

        On the other hand, packet analysis dives deeper into the packet for analysis. Packet analyzers address both the packet header as well as the payload, which contains critical information about applications and their operation on your network. Packet analyzers can answer the deeper, and often-asked question, “is it the network or the application?” The evidence is clear when you dive into a network flow for a user with a problem and see in the decode “Process ID 169 was deadlocked with another process and has been chosen as the deadlock victim. Re-run your command.”

        Need a deeper explanation of troubleshooting end user experience with packet payloads? Check out this post on LoveMyTool.

          Why Packets Count

          Posted on by .

            A packet is the elemental source of data on a network. Packets are self-contained, including not only the information that is to be communicated, but also the routing instructions, addresses, protocols, etc. that allow the information to be correctly delivered, and possibly acknowledged. Packet delivery on a network is a lot like a letter in snail mail, with the contents of the envelope being the information to be transmitted, the envelope containing address and routing information, and the stamp describing the protocol to be used in delivery – first class, signature required at delivery, acknowledgement of receipt, etc. Also, just as with snail mail, issues can occur in transit that either damage the letter, or as many of us have experienced, prevent the letter from being delivered at all.

            Extending this analogy, the contents of a letter, or in the case of packets the payload, are really of no concern to the Postal Service, and typically remain hidden inside the envelope. All the Postal Service needs to know is the address and the mode of delivery. They then determine the routing, without concern for the contents, until delivered to the final recipient. Only then do the contents (payload) become important.

            So, what happens when something goes wrong? How would you even know it went wrong? Well, in the case of network analysis, this is where protocol and packet analysis become important. Often used interchangeably in the industry, protocol and packet analysis are in fact quite different. Protocol analysis relates strictly to the routing and delivery of packets. In terms of our Postal Service analogy, protocol analysis is performed using only the envelope – the contents of the envelope are never analyzed. Packet analysis goes one step further, performing both protocol and packet payload analysis.

            Network engineers are typically concerned with only the delivery of data on the network, and not the data itself, so why worry about packet analysis at all? Isn’t protocol analysis sufficient? Well, in many cases yes, so it’s the best place to start. But even our simple Postal Service analogy can once again help us in understanding why packet (payload) analysis is important. Let’s say you’re communicating with a family member using letters (yes, the world used to communicate in this highly archaic manner just a few short decades ago), and suddenly your weekly communication is disrupted. Why didn’t you get the response you were expecting? Well, with protocol analysis we can see that (a) no communications have been processed that were addressed to you and (b) your “pen pal” recently received additional communications addressed to them. Even though you can see from the return address on the envelopes that one of the correspondences was from the Publishers Clearing House, you assume that’s just the typical junk mail and has no bearing on the delayed response. But let’s say you can see the contents of all of the letters as well (packet analysis), and that the letter from the Publishers Clearing House was not your typical junk mail – it was a notification that your “pen pal” just won $10 million dollars. With that bit of information the source of their distraction becomes clear, and it’s easy for you to understand why you didn’t hear back in the typical response time.

            The above example made one basic, yet often unstated, assumption about our ability to even analyze the Postal Service (network). It assumed we had the proper tools in place, and were using them 24×7, to perform ongoing, real-time analysis, all the while archiving our network data so we could go back and analyze it as necessary. As in our example, it isn’t always immediately obvious that something did or did not happen as expected. You need constant monitoring, with ongoing data storage, so you can analyze the problem as it happens, not wait for it to happen again and hope you catch it. Way more network analysis time is spent trying to reproduce problems rather than solve them. Ongoing network monitoring based on packet analysis gives you all the information you need to analyze your network at its most elemental level.

            So, the next time you sit down for some quality network analysis time, take a quick look at the packets per second. And then imagine that many little letters being delivered each second via your network infrastructure. At least for me, it provides a whole new perspective on just how hard my network works, and just how important my network monitoring and analysis software is to me when something goes wrong.