Tag Archives: TimeLine Network Recorder

Scale Your Network Visibility with WildPackets

Scalability is an issue that’s coming up more and more frequently as 10G and 40G networks grow in popularity. As networks grow in size, a network analysis solution’s scalability is measured by its ability to handle the growing amount of data or to accommodate the growth.

Network growth demands more of network analysis: higher analytical throughput, broader scope, more data storage, and more distributed analysis. As your network grows and you encounter these issues, there are ways to scale your visibility so that you’re not looking for a needle in a 10G haystack.

Architect for Visibility
As always, knowing your network is key. Know what traffic is important to your company. Is it mission critical business applications, like order entry, financials, and CRM? Or is it web-based traffic that’s driving your online retail business? Once you decide what, and how much, of this traffic requires ongoing monitoring and analysis, you’ll know where to look to specifically identify the traffic that you’ll want to capture. Building visibility into your network infrastructure can help both of these practices. Through strategic placement of analysis points, you’ll be able to get instant information to fix problems faster.

Visibility includes both summary level monitoring data and detailed network metrics, including visibility into network packet traffic and even specific packet decodes. Only a packet-based network analysis system, like the Omni Distributed Analysis Platform, provides the complete range of visibility required to monitor and troubleshoot today’s high-speed networks, keeping networks running smoothly and guaranteeing the very best end-user experience.

Backbone Visibility
Though often the fastest link in your infrastructure, the network backbone – the aggregation of all your distribution layer networks – can be an excellent point for monitoring network traffic and capturing network data for more detailed analysis. Depending on your overall network architecture, the network backbone may be a roll-up of just about all of your critical network traffic, especially if traffic is driven through a centralized network operations center (NOC), or if your company is a heavy user of cloud-based or other third party SaaS applications that drive network traffic through your WAN link. Using high speed network monitoring appliances on the network backbone can centralize your network monitoring and analysis, and save money by consolidating network analysis into a single appliance.
The aggregated traffic on the network backbone will typically be high speed, with more and more enterprises migrating to 10G backbones. Packet-based network analysis on the backbone means you’ll be interested in all of the packets, so you will likely need an appliance like WildPackets’ TimeLine network recorder, which captures at rates up to 12Gbps with zero packet loss. The TimeLine network recorder allows you to store all your data for forensic analysis while continuously capturing network traffic. And if you’re already migrating your backbone to 40G, you can simply add an aggregation tap and a few more TimeLine appliances for a complete 40G solution.

Adding Visibility to Virtual “Blind Spots”
Traditionally, north-south traffic was the most important in network monitoring. However, with the explosive growth of virtualization, east-west traffic is becoming more and more important in enterprise networks, and poses a new challenge in network and application performance monitoring. East-west traffic is typically traffic moving within a virtual host or a distributed virtual system. Since much of this traffic resides solely within the virtual environment, and therefore never hits a physical network interface, traditional network monitoring and analysis that is done by tapping into the physical network does not capture this east-west traffic. For example, let’s say the order entry system and the inventory database reside on separate VMs within the same host or distributed system. Communications between the order entry application and the database are east-west traffic. Application performance issues between these systems are “hidden” within the VM. To add visibility, you can either install WildPackets OmniVirtual on one of the VMs to gain visibility into the entire host, or, in the case of larger, distributed virtual systems, use a virtual tap. Virtual taps are sold by many tap vendors, and they provide a physical link that traditional network monitoring appliances can access to expose east-west traffic within the virtual system.

For more information about how WildPackets can help scale your networks, check out our on-demand webcast.

How to Store Your Network Data with TimeLine

Network performance across one of your 10G backbones just took a nosedive. What you’d really like to know is exactly what was going on before, and exactly when, the performance changed, but those network packets are long gone. Or are they?

Some network engineers, and certainly those who have been bitten by such a problem before, are employing network recorders, like WildPackets TimeLine, to constantly record network data at the packet level. With TimeLine you have a complete recording of the traffic on your network, even highly utilized 10G links, so in-depth analysis of situations that happened a few minutes, a few hours, or maybe even a few days ago is only a click away.

Capture Data without Losing It
With more and more traffic running over 10G links, performing real-time analysis is becoming very difficult, especially when you’re reacting to a nose-dive in performance and even the execs are aware of the problem. Perhaps it’s an intermittent problem – are you going to stick around all night waiting for it to happen again so you can capture and analyze the data? Probably, but you don’t need to. TimeLine records and stores each and every packet traversing a network link, up to 12Gbps, with zero packet loss, creating a complete archive of exactly what is transpiring on the network. No need to wait for the problem to happen again; no need to try to reproduce the problem, and in the process risk reducing network performance even further.

TimeLine is specifically designed to store massive amounts of packet data efficiently and without data loss, and to quickly find the data you need when a problem arises. Simply specify the amount of storage space that you want to allocate to the capture, based on the average data throughput and the amount of time you want data to be preserved, and TimeLine does the rest. Once the allocated space is filled, data will simply roll over, first-in-first-out, so you’ll always have data for the amount of time determined when making the storage allocation. Start a monitoring capture at the same time and TimeLine will send alarms to you based on your configuration, so you can be instantly alerted when the problem happens again.

The Longevity of Storage
Some problems may require relatively long storage periods. With up to 48TB of disk space, TimeLine can store nearly 11 hours of data at 10Gbps steady state (and no one pushes their 10G link that hard) or over 2 days at 2Gbps (much more reasonable). So, when that intermittent problem crops up, don’t worry. Just head home, and if you get an alert you can log into TimeLine from home, scan through the real-time statistics that TimeLine generates, focus in on the time frame (or IP address(es), or protocols, etc.) of interest and perform a forensic search directly on the TimeLine box. No additional strain on the network, and if your first search wasn’t exactly right, the data is still there and available for you to search again. And if you’re confident that you have captured all the data you need, you can stop the data capture to preserve your data for as long as you need to complete the analysis.
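
The storage allocation and first-in-first-out rollover described above can be worked through in a short script. This is an added example, not WildPackets code: it assumes decimal terabytes, evicts in whole-hour blocks, and uses a constructed traffic profile to show how a burst shortens the window available for forensic search compared with the steady-state estimate.

```python
from collections import deque

TB = 1e12  # assumption: capacity is quoted in decimal terabytes


def retention_hours(capacity_tb, rate_gbps):
    """Hours of traffic a store of capacity_tb holds at a steady rate_gbps."""
    bytes_per_hour = rate_gbps * 1e9 / 8 * 3600
    return capacity_tb * TB / bytes_per_hour


def simulate_rollover(capacity_tb, hourly_gbps):
    """Replay per-hour average rates through a FIFO capture store.

    Returns, for each hour, how many hours of traffic are still on disk
    after the oldest data has been rolled over to make room.
    """
    capacity = capacity_tb * TB
    store = deque()  # bytes written in each retained hour, oldest first
    used = 0.0
    lookback = []
    for rate in hourly_gbps:
        size = rate * 1e9 / 8 * 3600
        store.append(size)
        used += size
        while used > capacity and store:
            used -= store.popleft()  # first-in-first-out eviction
        lookback.append(len(store))
    return lookback


# Constructed profile: 60 hours at 2 Gbps, then a 6-hour burst at 8 Gbps.
PROFILE = [2] * 60 + [8] * 6

if __name__ == "__main__":
    print(f"48 TB at 10 Gbps: {retention_hours(48, 10):.2f} hours")
    print(f"48 TB at  2 Gbps: {retention_hours(48, 2) / 24:.2f} days")
    window = simulate_rollover(48, PROFILE)
    print(f"lookback before burst: {window[59]} hours")
    print(f"lookback after burst:  {window[-1]} hours")
```

When sizing the allocation, base the retention target on peak periods rather than the average rate alone, since the burst is usually the interval an investigation needs to look behind.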

Let TimeLine Work for You 24/7
Monitoring, capturing, storing, and analyzing network data is – and should be treated as – a full time job, and TimeLine does that job for you. TimeLine will continue to monitor and document your network data even during downtime. Even when only a handful of users are working on your network, it could still experience a hack or a harmful outside threat, especially with the surge of BYOD. For this reason, keep TimeLine on and working so that the data capture is done and stored for you, in real time, 24×7.

If you need to view a particular timeframe, simply highlight that area on the TimeLine utilization graph, and you will see the remaining stats change to reflect that timeframe. While analyzing this specific selection, TimeLine continues to monitor your network data in real time, always making your job easier.

Conquering 10G Network Analysis with TimeLine

Have you made the switch to a 10 Gigabit (10G) network yet?

Although 10G has been around since 2002, only within the last couple of years has it become the core backbone and data center fabric used in enterprise networks. Although there are many benefits that come with 10G, it also introduces a new set of challenges for network managers when problems occur.

At 10G, traditional network analysis and troubleshooting techniques based on real-time, deep packet inspection are severely strained. The key here is “real time.” What does this mean at 10G anyway? Traffic is moving so fast on 10G networks that real-time analysis of anything more than high-level statistics, like overall utilization, top talkers, and top applications, is pure folly. At 10G, the focus shifts from real-time troubleshooting to optimizing the capture of all network data for post-capture, or forensic analysis. By capturing all network data at the packet level, you have an unchallengeable record of all network activity, and with forensic analysis you can perform detailed analysis at your own pace. Also, at 10G it is essentially impossible to replicate network problems – there is just too much data to attempt to reproduce problems for analysis.

This is why WildPackets introduced the TimeLine network recorder in 2010 as the first independently certified monitoring and analysis solution to support 10G connectivity without compromising data accuracy. TimeLine can sustain network data recording with the richest set of real-time statistics at over 11Gbps with zero packet loss, providing both the guidance and the detailed data necessary to determine when, and where, forensic analysis is required.

Below we take you step-by-step on how TimeLine can help when you’re analyzing and troubleshooting your 10G network.

First Step: Capturing Network Data to Disk, Ensuring Zero Data Loss
The biggest challenge in packet-based network analysis at 10G is capturing all the data with zero data loss. You cannot predict in advance what data you might need, so each and every network packet is important. TimeLine has been certified by an independent test lab to capture network data at 11.7Gbps with zero data loss, making it one of the fastest and most versatile appliances on the market today.

Second Step: Storing Network Data for Forensic Analysis
One of the key elements in any network recording solution is how long it can retain data, and this is essentially a function of disk space and efficient storage algorithms. With up to 48TB of disk space, TimeLine is capable of storing nearly two days’ worth of data at a steady state data rate of 10Gbps, or more realistically, better than eight days at a steady state of 2Gbps, providing plenty of runway to perform critical forensic analyses.

Third Step: Displaying Real-time Statistics
Even though the focus of network recording is on forensic analysis, it’s imperative that a network recording solution provide some real-time statistics so you can instantly assess the health of the network, and know when you need to dive in for more detailed analysis. TimeLine provides the most complete set of real-time statistics, including key VoIP statistics, so you can be sure your network is behaving as expected without the need for constant forensic analysis.

Fourth Step: Forensics Analysis
Well, this is where the rubber meets the road. You’ve captured and stored the data, and based on the real-time data display you see an area that requires further attention. A simple swipe of the mouse across a time range of interest brings up the network forensics dialog box, allowing you to quickly fine tune your search to return just the data you need, leading you more quickly to the root cause of any network, application, performance, or security issue.

At 10G, it’s important to have the right tools in place to capture the data necessary for network analysis, in other words, a complete recording of all network packets. While it may require an up-front investment to monitor your 10G network, it will save you big in the end by avoiding network downtime, improving tier one application performance, and increasing productivity within the company.

If you are interested in learning more about 10G network analysis check out our TimeLine OnDemand Webcast titled “The Need for Speed – No More Compromises!” and our blog “Why On-the-Fly Analysis Doesn’t Work at 10G.”