Thanks to Moore’s Law and the advances of IT, the growing appetite for network bandwidth is unabated. More applications, devices, and services are being added to the network causing greater complexity for network administration.
A lot of customers come to us with questions about how they should plan for the influx of data on their network, and how they should analyze this massive amount of data. Below, we’ve provided answers to some of the most common questions. If you have more, please leave us a comment and we’ll be happy to respond.
How should I monitor data on high-speed networks?
Due to the amount of data that is traversing the network, it is essential to identify the data you need to monitor for business purposes, especially if you plan to perform real-time analysis on the data.
We suggest dissecting your network into three areas – devices, network performance, and application performance. The reasoning here is that different solutions excel in each of these areas. Leveraging the best solution for each area will provide the maximum analysis capability, and spreading the monitoring and analysis load over several solutions will enable you to analyze even more data in real time.
Is a network recorder necessary at 10G?
Yes. At 10G, assuming you want to monitor the entire link, you need to capture and record data 24/7. It is extremely challenging, and time consuming, to recreate problems that you’ve missed at 10G. Trying to do this is like trying to find a needle in a haystack.
Use of a network recorder means you’ll be performing all of your analysis post-capture, since at 10G real-time analysis is essentially impossible. Most network recorders provide a very reasonable set of real-time stats to provide guidance when further analysis is required.
Is it better to have multiple 1G streams for network analysis, like five or six, rather than simply one network recorder monitoring at 10G?
Basically, this question boils down to “do you want to perform real-time analysis, or is post-capture analysis sufficient for your needs”? If you really want to do real-time analysis on a 10G link, use a smart tap to capture the 10G traffic and then break that traffic down into manageable chunks, typically 1Gbps or less, and then feed these slower speed streams into your real-time network analysis solution.
How does network analysis change at 10G?
The basic difference is moving from real-time analysis to post-capture analysis, or network forensics. The analysis itself is basically the same, except that in post-capture analysis you pick a small subset of the data, based on time, or an IP address range, or a certain protocol, and only do the detailed analysis on that specific slice of data. This approach allows a single appliance to be able to both capture and store all data on a 10G link and provide detailed analysis when required. As always, being judicious in your data analysis will enable you to focus on the specific problems and solve them most quickly.