DESCRIPTION
Watch the full OnDemand Webcast: http://bit.ly/networkmonitoringandreporting

History repeating itself is often a bad thing. But how about on your network? When your network is running smoothly you want history to repeat itself, but when problems occur you want to know when, where and why they occurred and prevent them from repeating themselves. The theme here is history, and if you can’t adequately display, analyze and report on your network’s history, you'll never know if you’re repeating it – good or bad.

WatchPoint from WildPackets records your network history, minute by minute, from multiple sources, including SNMP, NetFlow, sFlow and WildPackets network analysis probes. Data from these varied sources are aggregated into a single reporting solution, for months or even years, providing both up-to-the-minute and long-term historical reporting and analysis of network events. When used with WildPackets network analysis and recording probes, including TimeLine, additional network details like Expert analysis and VoIP performance are also recorded for both up-to-the-minute and long-term historical reporting. With WatchPoint, you'll understand when history should be repeated, and when it should be avoided!

In this webcast, we will cover:
• Key technologies used in long-term network reporting
• The limitations of single technology approaches
• The value of long-term historical reporting and analysis

What you will learn:
• Determining long-term trends using WatchPoint
• Troubleshooting ongoing issues with WatchPoint
• Generating detailed, scheduled reports
• Linking directly from high-level reporting to detailed packet analysis
www.wildpackets.com © WildPackets, Inc.
Jay Botelho
Director of Product Management
WildPackets
Show us your tweets! Use today’s webinar hashtag:
#wp_watchpoint with any questions, comments, or feedback.
Follow us @wildpackets
Don’t Let History Repeat Itself Network Monitoring and Reporting with
WatchPoint
© WildPackets, Inc. 2 WatchPoint v2.0
Agenda
• Key Technologies in Network Reporting
• Limitations in Single Technology Approaches
• Why WatchPoint
• WatchPoint v2.0 Demo
‒ Determining long-term trends using WatchPoint
‒ Troubleshooting ongoing issues with WatchPoint
‒ Generating detailed, scheduled reports
‒ Linking directly from high-level reporting to detailed packet analysis
• Company Overview
• Product Line Overview
Key Technologies in Network Reporting
Choices and Compromises
[Figure: SNMP, flow-based and packet-based monitoring compared by data granularity and data accuracy, with overhead and cost marked as open questions]
SNMP
• Best used to identify and describe system configuration
• Monitor network-attached devices for high-level conditions
‒ Up/Down
‒ Total traffic (bytes, packets)
‒ Number of users
• Typically polling-based – heavy bandwidth impact
• Typically 5 second granularity
• Trouble-shooting/root cause analysis not possible
"Go With the Flow"
• Flows, or flow records, have become the default element used in centralized network monitoring
• A "flow" is a sequence of packets that has the following seven identical characteristics:
‒ Source IP address
‒ Destination IP address
‒ Source port
‒ Destination port
‒ Layer 3 protocol type
‒ TOS byte
‒ Input logical interface
• By implication, a flow is unidirectional
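The seven-field flow key above, as an added example (not WildPackets or NetFlow exporter code): it aggregates constructed packet records into unidirectional flows, then pairs them into conversations to show what the per-direction key hides. The packet tuples, helper names and pairing rule are assumptions made for illustration.

```python
from collections import defaultdict, namedtuple

# The seven key fields from the slide's flow definition.
FlowKey = namedtuple("FlowKey", "src_ip dst_ip src_port dst_port proto tos in_if")

# Constructed sample packets (documentation addresses): key fields plus byte count.
PACKETS = [
    ("192.0.2.10", "198.51.100.5", 51000, 443, 6, 0, 1, 120),   # client -> server
    ("198.51.100.5", "192.0.2.10", 443, 51000, 6, 0, 2, 1400),  # server -> client
    ("192.0.2.10", "198.51.100.5", 51000, 443, 6, 0, 1, 80),    # client -> server
    ("198.51.100.5", "192.0.2.10", 443, 51000, 6, 0, 2, 1400),  # server -> client
    ("192.0.2.10", "198.51.100.5", 51000, 443, 6, 184, 1, 60),  # same 5-tuple, new TOS
    ("192.0.2.77", "198.51.100.9", 40000, 53, 17, 0, 1, 70),    # UDP query, no reply seen
]

def build_flows(packets):
    """Aggregate packets into unidirectional flows keyed on all seven fields."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for *key_fields, size in packets:
        rec = flows[FlowKey(*key_fields)]
        rec["packets"] += 1
        rec["bytes"] += size
    return dict(flows)

def conversation_id(key):
    """Direction-independent id (assumed rule): sorted endpoints plus protocol.
    TOS and input interface are dropped because they can differ per direction."""
    a, b = sorted([(key.src_ip, key.src_port), (key.dst_ip, key.dst_port)])
    return (a, b, key.proto)

def pair_conversations(flows):
    """Group unidirectional flow keys into two-way conversations."""
    convs = defaultdict(list)
    for key in flows:
        convs[conversation_id(key)].append(key)
    return dict(convs)

def one_sided(convs):
    """Conversations in which only one endpoint ever sent traffic."""
    return [cid for cid, keys in convs.items()
            if len({(k.src_ip, k.src_port) for k in keys}) == 1]

if __name__ == "__main__":
    flows = build_flows(PACKETS)
    for key, rec in flows.items():
        print(key, rec)
    print("one-sided:", one_sided(pair_conversations(flows)))
```

One TCP session appears here as three flow records (two directions, plus a TOS change), and the unanswered UDP query is the only one-sided conversation.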
Packet-based - OmniFlow
• Developed by WildPackets
• Analysis of every packet AND payload
• Unrivaled info for each flow
• Layer 3 - 7
• 100% accurate
• Minimal network impact – 10’s of Kbps
• Monitor AND troubleshoot
Limitations in Single Technology Approaches
Not All Data Sources Are Created Equal
NetFlow | sFlow | OmniFlow | Packets
• Developed by Cisco
• RFC 3176
• sFlow agents
• Developed by WildPackets
• RFC 1122
• Transit and terminated traffic
• Statistical sampling
• Higher speed networks
• Analysis of every packet AND payload
• Every packet recorded
• Detailed troubleshooting
• Detailed info for each flow
• Time-based sampling of interface counters
• Unrivaled info for each flow
• Layer 2 - 7
• Apdex, Latency, Reconstruction, …
• NO packets | NO packets | Links to packets | Packets with network forensics
• Sampled – not 100% accurate | Sampled – not 100% accurate | 100% accurate | 100% accurate
It’s All In The Packets
Detailed errors automatically identified, with alerts
One click identifies the user and application
One more click identifies the root cause of the issue
Why WatchPoint?
WatchPoint v2.0 Delivers
• 100% data accuracy
‒ Stop wondering if your monitoring solution is missing key results
• Detailed network history
‒ No loss of granularity for historical data
• Complete visibility
‒ From global network usage to detailed packet analysis for root-cause analysis in a single solution
‒ SNMP, NetFlow, sFlow, OmniFlow integrated into a single solution
• Immediate access to worldwide network data
‒ Monitor network usage and drill-down into specifics at the speed of a click
WildPackets Comprehensive Solutions
Enterprise-wide Network Management
WatchPoint Benefits
• For CIOs
‒ High-level, instantaneous view of entire enterprise-wide network
‒ Quickly identify anomalistic network behavior
‒ Network usage, compliance, SLA reporting
• For IT Managers
‒ Centrally managed monitoring solution
‒ Configure access based on role and usage
‒ Modify reports on-the-fly to see the data you need
• For Network Engineers
‒ Find and fix network issues before they become major problems
‒ Correlate WatchPoint data with OmniEngine packet files for detailed, post-capture analysis
What’s New in WatchPoint v2
• Comprehensive network monitoring via SNMP, NetFlow, sFlow and OmniFlow
• Pre-built and custom reports
• SLA monitoring of key network elements
‒ Alerts, Alarms, Notifications
• Detailed drill-down into utilization, flows, and conversations
• OmniFlow enhancements
‒ Direct access to packets
‒ Aggregated reporting of Expert events
‒ Aggregated reporting of VoIP statistics
WatchPoint v2.0 Demo
WatchPoint 2.0 At-A-Glance
• Detailed, precise, conversation-based analysis
‒ Eliminates inaccuracies from polling/sampling-based solutions
• 1 minute history – ALWAYS
‒ Never time-averaged historical data
• Tight integration into packet analysis – one solution
• Global reporting of Expert and VoIP analysis for investigation of real-time or historical problems
Company Overview
Corporate Background
• Experts in network monitoring, analysis, and troubleshooting
‒ Founded: 1990 / Headquarters: Walnut Creek, CA
‒ Offices throughout the US, EMEA, and APAC
• Our customers are leading edge organizations
‒ Mid-market, and enterprise lines of business
‒ Financial, manufacturing, ISPs, major federal agencies,
state and local governments, and universities
‒ Over 7,000 customers / 60+ countries / 80% of Fortune 1,000
• Award-winning solutions that improve network performance
‒ Internet Telephony, Network Magazine, Network Computing Awards
‒ United States Patent 5,787,253 issued July 28, 1998
• Different approach to maintaining availability of network services
Real-World Deployments
Education
Health Care / Retail
Financial
Telecom
Government
Technology
Product Line Overview
OmniPeek/Compass Enterprise Packet Capture, Decode and Analysis
• 10/100/1000 Ethernet, Wireless, WAN, 10G
• Portable capture and OmniEngine console
• VoIP analysis and call playback
Omnipliance / TimeLine Distributed Enterprise Network Forensics
• Packet capture and real-time analysis
• Stream-to-disk for forensics analysis
• Integrated OmniAdapter network analysis cards
WatchPoint Centralized Enterprise Network Monitoring Appliance
• Aggregation and graphical display of network data
• WildPackets OmniEngines
• NetFlow and sFlow
OmniPeek Network Analyzer
• OmniEngine Manager
– Connect and configure distributed OmniEngines/Omnipliances
• Comprehensive dashboards present network traffic in real-time
– Vital statistics and graphs display trends on network and application performance
– Visual peer-map shows conversations and protocols
– Intuitive drill-down for root-cause analysis of performance bottlenecks
• Visual Expert diagnosis speeds problem resolution
– Packet and Payload visualizers provide business-centric views
• Automated analytics and problem detection 24/7
– Easily create filters, triggers, scripting, advanced alarms and alerts
Omnipliance Network Recorders
• Captures and analyzes all network traffic 24x7
– Runs our OmniEngine software probe
– Generates vital statistics on network and application performance
– Intuitive root-cause analysis of performance bottlenecks
• Expert analysis speeds problem resolution
– Fault analysis, statistical analysis, and independent notification
• Multiple Issue Digital Forensics
– Real-time and post capture data mining for compliance and troubleshooting
• Intelligent data transport
– Network data analyzed locally
– Detailed analysis passed to OmniPeek on demand
– Summary statistics sent to WatchPoint for long term trending and reporting
– Efficient use of network bandwidth
• User-Extensible Platform
– Plug-in architecture and SDK
Omnipliance Network Recorders
Price/performance solutions for every application
• Portable: Ruggedized, Troubleshooting
– Aluminum chassis / 17” LCD
– Quad-Core Xeon 2.5GHz
– 4GB RAM
– 2 PCI-E Slots
– 2 Built-in Ethernet Ports
– 500GB and 2.5TB SATA storage capacity
• Edge: Small Networks, Remote Offices
– 1U rack mountable chassis
– Quad-Core Intel Xeon X3460 2.80Ghz
– 4GB RAM
– 2 PCI-E Slots
– 2 Built-in Ethernet Ports
– 1TB SATA storage capacity
• Core: Datacenter Workhorse, Easily Expandable
– 3U rack mountable chassis
– Two Quad-Core Intel Xeon E5530 2.4Ghz
– 6GB RAM
– 4 PCI-E Slots
– 2 Built-in Ethernet Ports
– 2TB SATA storage capacity
TimeLine
• Fastest network recording and real-time statistical display — simultaneously
‒ 11.7Gbps sustained capture with zero packet loss
‒ Network statistics display in TimeLine visualization format
• Rapid, intuitive forensics search and retrieval
‒ Historical network traffic analysis and quick data rewinding
‒ Several pre-defined forensics search templates making searches easy and fast
• A natural extension to the WildPackets product line
• Turnkey bundled solution
‒ Appliance + OmniEngine, OmniAdapter, OmniPeek Connect
TimeLine For the most demanding network analysis tasks
TimeLine
10g Network Forensics
3U rack mountable chassis
Two Quad-Core Intel Xeon 5560 2.8Ghz
18GB RAM
4 PCI-E Slots
2 Built-in Ethernet Ports
8/16/32TB SATA storage capacity
WatchPoint Centralized Monitoring for Distributed Enterprise Networks
• High-level, aggregated view of all network segments
– Monitor per campus, per region, per country
• Wide range of network data
– NetFlow, sFlow, OmniFlow
• Web-based, customizable network dashboards
• Flexible detailed reports
• Omnipliances must be configured for continuous capture
WildPackets Key Differentiators
• Visual Expert Intelligence with Intuitive Drill-down
– Let the computer do the hard work and return results in real time
– Packet / Payload Visualizers are faster than packet-per-packet diagnostics
– Experts and analytics can be memorized and automated
• Automated Capture Analytics
– Filters, triggers, scripting and advanced alarming system combine to provide automated network problem detection 24x7
• Multiple Issue Network Forensics
– Can be tracked by one or more people simultaneously
– Real-time or post capture
• User-Extensible Platform
– Plug-in architecture and SDK
• Aggregated Network Views and Reporting
– NetFlow, sFlow, and OmniFlow
Thank You!
WildPackets, Inc.
1340 Treat Boulevard, Suite 500
Walnut Creek, CA 94597
(925) 937-3200