Don't Let History Repeat Itself – Network Monitoring and Reporting with WatchPoint

www.wildpackets.com © WildPackets, Inc.

Jay Botelho

Director of Product Management

WildPackets

[email protected]

Show us your tweets! Use today’s webinar hashtag:

#wp_watchpoint with any questions, comments, or feedback.

Follow us @wildpackets

Don’t Let History Repeat Itself Network Monitoring and Reporting with

WatchPoint

© WildPackets, Inc. 2 WatchPoint v2.0

Agenda

• Key Technologies in Network Reporting

• Limitations in Single Technology Approaches

• Why WatchPoint

• WatchPoint v2.0 Demo ‒ Determining long-term trends using WatchPoint

‒ Troubleshooting ongoing issues with WatchPoint

‒ Generating detailed, scheduled reports

‒ Linking directly from high-level reporting to detailed packet

analysis

• Company Overview

• Product Line Overview


Key Technologies in Network

Reporting


Choices and Comprises

Overhead???

Cost???

Data

Gra

nula

rity

Data Accuracy

SNMP

Flow-based

Packet-based


SNMP

• Best used to identify and describe system

configuration

• Monitor network-attached devices for high-level

conditions ‒ Up/Down

‒ Total traffic (bytes, packets)

‒ Number of users

• Typically polling-based – heavy bandwidth impact

• Typically 5 second granularity

• Trouble-shooting/root cause analysis not possible


"Go With the Flow"

• Flows, or flow records, have become the default element used in centralized network monitoring

• A ―flow‖ is a sequence of packets that has the following seven identical characteristics:

‒ Source IP address

‒ Destination IP address

‒ Source port

‒ Destination port

‒ Layer 3 protocol type

‒ TOS byte

‒ Input logical interface

• By implication, a flow is unidirectional


Packet-based - OmniFlow

• Developed by WildPackets

• Analysis of every packet AND payload

• Unrivaled info for each flow

• Layer 3 - 7

• 100% accurate

• Minimal network impact – 10’s of Kbps

• Monitor AND troubleshoot


Limitations in Single Technology

Approaches


Not All Data Sources Are Created Equal

Netflow sFlow OmniFlow Packets

• Developed by

Cisco

• RFC 3176

• sFlow agents

• Developed by

WildPackets

• RFC 1122

• Transit and

terminated traffic

• Statistical

sampling

• Higher speed

networks

• Analysis of every

packet AND

payload

• Every packet

recorded

• Detailed

troubleshooting

• Detailed info for

each flow

• Time-based

sampling of

interface counters

• Unrivaled info for

each flow

• Layer 2 - 7

• Apdex, Latency,

Reconstruction, …

• NO packets • NO packets • Links to packets • Packets with

network forensics

• Sampled – not

100% accurate

• Sampled – not

100% accurate

• 100% accurate • 100% accurate


It’s All In The Packets

Detailed errors

automatically

identified, with

alerts

One click identifies

the user and

application

One more click

identifies the root

cause of the issue


Why WatchPoint?


WatchPoint v2.0 Delivers

• 100% data accuracy ‒ Stop wondering if your monitoring solution is missing key results

• Detailed network history ‒ No loss of granularity for historical data

• Complete visibility ‒ From global network usage to detailed packet analysis for root-

cause analysis in a single solution

‒ SNMP, NetFlow, sFlow, OmniFlow integrated into a single

solution

• Immediate access to worldwide network data ‒ Monitor network usage and drill-down into specifics at the speed

of a click


WildPackets Comprehensive Solutions


Enterprise-wide Network Management


WatchPoint Benefits

• For CIOs ‒ High-level, instantaneous view of entire enterprise-wide network

‒ Quickly identify anomalistic network behavior

‒ Network usage, compliance, SLA reporting

• For IT Managers ‒ Centrally managed monitoring solution

‒ Configure access based on role and usage

‒ Modify reports on-the-fly to see the data you need

• For Network Engineers ‒ Find and fix network issues before they become major problems

‒ Correlate WatchPoint data with OmniEngine packet files for

detailed, post-capture analysis


What’s New in WatchPoint v2

• Comprehensive network monitoring via SNMP,

NetFlow, sFlow and OmniFlow

• Pre-built and custom reports

• SLA monitoring of key network elements ‒ Alerts, Alarms, Notifications

• Detailed drill-down into utilization, flows, and

conversations

• OmniFlow enhancements ‒ Direct access to packets

‒ Aggregated reporting of Expert events

‒ Aggregated reporting of VoIP statistics


WatchPoint v2.0 Demo


WatchPoint 2.0 At-A-Glance

• Detailed, precise, conversation-based analysis ‒ Eliminates inaccuracies from polling/sampling-based solutions

• 1 minute history – ALWAYS ‒ Never time-averaged historical data

• Tight integration into packet analysis – one solution

• Global reporting of Expert and VoIP analysis for

investigation of real-time or historical problems


Company Overview


Corporate Background

• Experts in network monitoring, analysis, and troubleshooting

‒ Founded: 1990 / Headquarters: Walnut Creek, CA

‒ Offices throughout the US, EMEA, and APAC

• Our customers are leading edge organizations

‒ Mid-market, and enterprise lines of business

‒ Financial, manufacturing, ISPs, major federal agencies,

state and local governments, and universities

‒ Over 7,000 customers / 60+ countries / 80% of Fortune 1,000

• Award-winning solutions that improve network performance

‒ Internet Telephony, Network Magazine, Network Computing Awards

‒ United States Patent 5,787,253 issued July 28, 1998 • Different approach to maintaining availability of network services


Real-World Deployments

Education

Health Care / Retail

Financial

Telecom

Government

Technology

http://www.fbiband.com/

http://www.dea.gov/


Product Line Overview


OmniPeek/Compass Enterprise Packet Capture, Decode and Analysis

• 10/100/1000 Ethernet, Wireless, WAN, 10G

• Portable capture and OmniEngine console

• VoIP analysis and call playback

Omnipliance / TimeLine Distributed Enterprise Network Forensics

• Packet capture and real-time analysis

• Stream-to-disk for forensics analysis

• Integrated OmniAdapter network analysis cards

WatchPoint Centralized Enterprise Network Monitoring Appliance

• Aggregation and graphical display of network data

• WildPackets OmniEngines

• NetFlow and sFlow

Product Line Overview


OmniPeek Network Analyzer

• OmniEngine Manager

– Connect and configure distributed OmniEngines/Omnipliances

• Comprehensive dashboards present network traffic in real-time

– Vital statistics and graphs display trends on network and application

performance

– Visual peer-map shows conversations and protocols

– Intuitive drill-down for root-cause analysis of performance bottlenecks

• Visual Expert diagnosis speeds problem resolution

– Packet and Payload visualizers provide business-centric views

• Automated analytics and problem detection 24/7

– Easily create filters, triggers, scripting, advanced alarms and alerts


Omnipliance Network Recorders

• Captures and analyzes all network traffic 24x7

– Runs our OmniEngine software probe

– Generates vital statistics on network and application performance

– Intuitive root-cause analysis of performance bottlenecks

• Expert analysis speeds problem resolution

– Fault analysis, statistical analysis, and independent notification

• Multiple Issue Digital Forensics

– Real-time and post capture data mining for compliance and troubleshooting

• Intelligent data transport

– Network data analyzed locally

– Detailed analysis passed to OmniPeek on demand

– Summary statistics sent to WatchPoint for long term trending and reporting

– Efficient use of network bandwidth

• User-Extensible Platform

– Plug-in architecture and SDK


Omnipliance Network Recorders Price/performance solutions for every application

Portable Edge Core

Ruggedized

Troubleshooting

Small Networks

Remote Offices

Datacenter Workhorse

Easily Expandable

Aluminum chassis / 17” LCD 1U rack mountable chassis 3U rack mountable chassis

Quad-Core Xeon 2.5GHz Quad-Core Intel Xeon

X3460 2.80Ghz

Two Quad-Core Intel Xeon

E5530 2.4Ghz

4GB RAM 4GB RAM 6GB RAM

2 PCI-E Slots 2 PCI-E Slots 4 PCI-E Slots

2 Built-in Ethernet Ports 2 Built-in Ethernet Ports 2 Built-in Ethernet Ports

500GB and 2.5TB SATA

storage capacity

1TB SATA storage capacity 2TB SATA storage capacity


TimeLine

• Fastest network recording and real-time statistical

display — simultaneously ‒ 11.7Gbps sustained capture with zero packet loss

‒ Network statistics display in TimeLine visualization format

• Rapid, intuitive forensics search and retrieval ‒ Historical network traffic analysis and quick data rewinding

‒ Several pre-defined forensics search templates making

searches easy and fast

• A natural extension to the WildPackets product line

• Turnkey bundled solution ‒ Appliance + OmniEngine, OmniAdapter, OmniPeek Connect


TimeLine For the most demanding network analysis tasks

TimeLine

10g Network Forensics

3U rack mountable chassis

Two Quad-Core Intel Xeon 5560 2.8Ghz

18GB RAM

4 PCI-E Slots

2 Built-in Ethernet Ports

8/16/32TB SATA storage capacity


WatchPoint Centralized Monitoring for Distributed Enterprise Networks

• High-level, aggregated

view of all network

segments

– Monitor per campus, per

region, per country

• Wide range of network

data

– NetFlow, sFlow, OmniFlow

• Web-based, customizable

network dashboards

• Flexible detailed reports

• Omnipliances must be

configured for continuous

capture


WildPackets Key Differentiators

• Visual Expert Intelligence with Intuitive Drill-down

– Let computer do the hard work, and return results, real-time

– Packet / Payload Visualizers are faster than packet-per-packet diagnostics

– Experts and analytics can be memorized and automated

• Automated Capture Analytics

– Filters, triggers, scripting and advanced alarming system combine to provide

automated network problem detection 24x7

• Multiple Issue Network Forensics

– Can be tracked by one or more people simultaneously

– Real-time or post capture

• User-Extensible Platform

– Plug-in architecture and SDK

• Aggregated Network Views and Reporting

– NetFlow, sFlow, and OmniFlow


Thank You!

WildPackets, Inc.

1340 Treat Boulevard, Suite 500

Walnut Creek, CA 94597

(925) 937-3200