Watch the full OnDemand Webcast: http://bit.ly/JustTwoClicks

Today’s networks are high-speed, widely distributed and mission-critical, making network and application performance monitoring and troubleshooting essential, and very challenging. Oftentimes the statistical data used to compile the monitoring dashboards and reports are insufficient for performing detailed root cause analysis, driving network engineers to use multiple products from multiple vendors to perform different levels of analysis. This significantly increases the cost for IT departments to do business, in a time when budgets are already razor thin.

What if you could move from monitoring dashboards and summary level reports to detailed, root cause analysis, with just a few clicks, using a single solution from a single vendor? No longer would you need a separate SNMP monitoring solution for device status, a NetFlow monitoring solution for conversation-based network statistics and a packet-based network analysis solution for detailed, root-cause analysis. With a single solution you could access all of this information from an integrated, web-based dashboard, saving time and money.

Please join us to see how WildPackets can meet this challenge and simplify your network monitoring and analysis infrastructure.

In this web seminar, we will cover:
• Best uses for various network monitoring and reporting technologies
• Limitations in SNMP and flow-based monitoring solutions
• Advantages of using a packet-based solution for all monitoring, reporting and troubleshooting needs

What you will learn:
• When to use various technologies for network monitoring and reporting
• How to employ a single solution that spans simple reporting to detailed, root-cause analysis
• How to quickly move from monitoring to troubleshooting with just a few clicks
• How an integrated solution can save time, money, and your sanity
www.wildpackets.com © WildPackets, Inc.
Jay Botelho
Director of Product Management
WildPackets
Follow me @jaybotelho
Just Two Clicks Away
Monitoring and Recording to Root-Cause
Analysis
Show us your tweets! Use today’s webinar hashtag:
#wp_visibility with any questions, comments, or feedback.
Follow us @wildpackets
© WildPackets, Inc. 2 Just Two Clicks Away – Monitoring and Recording to Root-Cause Analysis
There’s no debate about the need for centralized network monitoring and reporting …
The question is … HOW?
Agenda
• Choices and Compromises
• SNMP
• Flow-based
• Packet-based
• Company Overview
• Product Line Overview
Choices and Compromises
[Figure: SNMP, Flow-based and Packet-based compared by Overhead (???), Cost (???), Data Granularity and Data Accuracy]
SNMP
• Best used to identify and describe system configuration
• Monitor network-attached devices for high-level conditions
‒ Up/Down
‒ Total traffic (bytes, packets)
‒ Number of users
• Typically polling-based – heavy bandwidth impact
• Typically 5 minute granularity
• Troubleshooting/root cause analysis not possible
Flow-based
"Go With the Flow"
• Flows, or flow records, have become the default element used in centralized network monitoring
• A “flow” is a sequence of packets that has the following seven identical characteristics:
‒ Source IP address
‒ Destination IP address
‒ Source port
‒ Destination port
‒ Layer 3 protocol type
‒ TOS byte
‒ Input logical interface
• By implication, a flow is unidirectional
Basic Flow Analysis
• Packets enter the switch or router
• Packets sampled and flows determined
• Flow records compiled and exported to flow collector
• Flow records stored and subsequently analyzed by flow analysis software
Source: Wikipedia
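The seven-field flow definition and the "packets sampled" step above, worked through as an added example that is not part of the original slides: it builds flow records from constructed packets, shows that one conversation yields two unidirectional flows, and shows what deterministic 1-in-N sampling does to short flows. The addresses, ports and the fixed 1-in-N sampler are assumptions made for illustration; real exporters may sample randomly or by time.

```python
from collections import defaultdict, namedtuple

# The seven key fields from the flow definition above.
FlowKey = namedtuple("FlowKey", "src_ip dst_ip src_port dst_port proto tos in_if")

def make_packets():
    """Constructed sample traffic: one (FlowKey, byte_count) pair per packet."""
    pkts = []
    client = FlowKey("10.0.0.5", "192.0.2.10", 49152, 443, 6, 0, 1)
    server = FlowKey("192.0.2.10", "10.0.0.5", 443, 49152, 6, 0, 2)
    for _ in range(100):                      # one long HTTPS conversation
        pkts.append((client, 100))
        pkts.append((server, 1400))
    # Three single-packet DNS queries buried in the bulk traffic.
    for n, pos in enumerate((7, 61, 133)):
        dns = FlowKey("10.0.0.5", "192.0.2.53", 50000 + n, 53, 17, 0, 1)
        pkts.insert(pos, (dns, 80))
    return pkts

def build_flows(packets, sample_every=1):
    """Aggregate packets into flow records, keeping 1 packet in `sample_every`.

    Sampled counters are scaled back up by the sampling rate, which is what
    makes them estimates rather than exact counts.
    """
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for index, (key, size) in enumerate(packets):
        if index % sample_every:
            continue                          # packet not selected by the sampler
        flows[key]["packets"] += sample_every
        flows[key]["bytes"] += size * sample_every
    return dict(flows)

def conversations(flows):
    """Pair unidirectional flows that are the two halves of one conversation."""
    seen = set()
    for k in flows:
        a, b = (k.src_ip, k.src_port), (k.dst_ip, k.dst_port)
        seen.add((min(a, b), max(a, b), k.proto))
    return seen

if __name__ == "__main__":
    pkts = make_packets()
    for rate in (1, 10):
        flows = build_flows(pkts, rate)
        print(f"1-in-{rate}: {len(flows)} flows, {len(conversations(flows))} conversations")
```

With every packet counted the DNS queries appear as their own flows; at 1-in-10 they leave no flow record at all, and the counters for the HTTPS flows become estimates.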
Flows vs. Flow Records
• Flows are a defined element
• Flow Records are analytical results that vary by overall standard, vendor and configuration
• The most common standards for flow records include:
‒ NetFlow
‒ IPFIX
‒ sFlow
‒ JFlow
Focus on NetFlow
• Packets typically 1500 Bytes each
• Packets come in spurts – up to several Mbytes
• 20 – 50 flow records per packet
• Typically 1 minute reporting granularity
• Used for “accounting”
• Overhead (bandwidth usage - # of packets in reporting period) linearly proportional to the # of flows
• Remember the prime directive – a switch MUST perform its primary function – forwarding packets!
• UDP-based: lost reporting packets can seriously impact data reliability
On Your Network …
The Details
Common Flow-based Technologies
NetFlow
• Developed by Cisco
• Proprietary
• Transit traffic & terminated traffic
• Detailed info for each flow
• NO payloads
• Sampling option not 100% accurate
IPFIX
• Internet Protocol Flow Information eXchange
• IETF standard
• Based on NetFlow
• Detailed info for each flow
• NO payloads
sFlow
• RFC 3176
• Statistical time-based sampling
• Higher speed networks
• Less common than NetFlow
• NO payloads
• Sampled – not always 100% accurate
JFlow
• Developed by Juniper
• Proprietary
• Similar to NetFlow
• Detailed info for each flow
• NO payloads
• Sampled per global rate – not 100% accurate
Limited Troubleshooting/Root-cause Analysis
Packet-based - OmniFlow
• Developed by WildPackets
• Analysis of every packet AND payload
• Unrivaled info for each flow
• Layer 3 - 7
• 100% accurate
• Minimal network impact – 10’s of Kbps
• Monitor AND troubleshoot
OmniFlow Data
Why Are Payloads Important?
OmniFlow and WatchPoint
• High-level, aggregated view of all network segments
‒ Monitor per campus, per region, per country
• Wide range of network data
‒ NetFlow, sFlow, OmniFlow
• Web-based, customizable network dashboards
• Flexible and detailed reports
Sample WatchPoint Dashboard
Monitoring AND Detailed Analysis
Not All Flows Are Created Equal
NetFlow
• Developed by Cisco
• Proprietary
• Transit traffic & terminated traffic
• Detailed info for each flow
• NO payloads
• Sampled option not 100% accurate
IPFIX
• Internet Protocol Flow Information eXchange
• IETF standard
• Based on NetFlow
• Detailed info for each flow
• NO payloads
sFlow
• RFC 3176
• Statistical time-based sampling
• Higher speed networks
• Less common than NetFlow
• NO payloads
• Sampled – not 100% accurate
JFlow
• Developed by Juniper
• Proprietary
• Similar to NetFlow
• Detailed info for each flow
• NO payloads
• Sampled per global rate – not 100% accurate
OmniFlow
• Developed by WildPackets
• Proprietary
• Analysis of every packet AND payload
• Unrivaled info for each flow
• Layer 3 - 7
• 100% accurate
• Monitor AND troubleshoot
Choices and Compromises
[Figure: SNMP, Flow-based and Packet-based compared by Overhead, Cost, Data Granularity and Data Accuracy]
Summary
• Flow records are NOT created equal
• OmniFlow analyzes packet headers AND payloads
• OmniFlow is NOT statistical - 100% accurate
• OmniFlow provides analysis for all network layers
• WatchPoint aggregates data from multiple OmniFlow data streams
• When OmniFlow data isn’t available, WatchPoint also aggregates both NetFlow and sFlow data for a comprehensive network monitoring solution
Company Overview
Corporate Background
• Experts in network monitoring, analysis, and troubleshooting
‒ Founded: 1990 / Headquarters: Walnut Creek, CA
‒ Offices throughout the US, EMEA, and APAC
• Our customers are leading edge organizations
‒ Mid-market, and enterprise lines of business
‒ Financial, manufacturing, ISPs, major federal agencies, state and local governments, and universities
‒ Over 7,000 customers / 60+ countries / 80% of Fortune 1,000
• Award-winning solutions that improve network performance
‒ Internet Telephony, Network Magazine, Network Computing Awards
‒ United States Patent 5,787,253 issued July 28, 1998
  • Different approach to maintaining availability of network services
Real-World Deployments
Education
Health Care / Retail
Financial
Telecom
Government
Technology
Product Line Overview
OmniPeek/Compass Enterprise Packet Capture, Decode and Analysis
• 10/100/1000 Ethernet, Wireless, WAN, 10G
• Portable capture and OmniEngine console
• VoIP analysis and call playback
Omnipliance / TimeLine Distributed Enterprise Network Forensics
• Packet capture and real-time analysis
• Stream-to-disk for forensics analysis
• Integrated OmniAdapter network analysis cards
WatchPoint Centralized Enterprise Network Monitoring Appliance
• Aggregation and graphical display of network data
• WildPackets OmniEngines
• NetFlow and sFlow
OmniPeek Network Analyzer
• OmniEngine Manager
– Connect and configure distributed OmniEngines/Omnipliances
• Comprehensive dashboards present network traffic in real-time
– Vital statistics and graphs display trends on network and application performance
– Visual peer-map shows conversations and protocols
– Intuitive drill-down for root-cause analysis of performance bottlenecks
• Visual Expert diagnosis speeds problem resolution
– Packet and Payload visualizers provide business-centric views
• Automated analytics and problem detection 24/7
– Easily create filters, triggers, scripting, advanced alarms and alerts
Omnipliance Network Recorders
• Captures and analyzes all network traffic 24x7
– Runs our OmniEngine software probe
– Generates vital statistics on network and application performance
– Intuitive root-cause analysis of performance bottlenecks
• Expert analysis speeds problem resolution
– Fault analysis, statistical analysis, and independent notification
• Multiple Issue Digital Forensics
– Real-time and post capture data mining for compliance and troubleshooting
• Intelligent data transport
– Network data analyzed locally
– Detailed analysis passed to OmniPeek on demand
– Summary statistics sent to WatchPoint for long term trending and reporting
– Efficient use of network bandwidth
• User-Extensible Platform
– Plug-in architecture and SDK
Omnipliance Network Recorders
Price/performance solutions for every application
Portable
• Ruggedized
• Troubleshooting
• Aluminum chassis / 17” LCD
• Quad-Core Xeon 2.5GHz
• 4GB RAM
• 2 PCI-E Slots
• 2 Built-in Ethernet Ports
• 500GB and 2.5TB SATA storage capacity
Edge
• Small Networks
• Remote Offices
• 1U rack mountable chassis
• Quad-Core Intel Xeon X3460 2.80Ghz
• 4GB RAM
• 2 PCI-E Slots
• 2 Built-in Ethernet Ports
• 1TB SATA storage capacity
Core
• Datacenter Workhorse
• Easily Expandable
• 3U rack mountable chassis
• Two Quad-Core Intel Xeon E5530 2.4Ghz
• 6GB RAM
• 4 PCI-E Slots
• 2 Built-in Ethernet Ports
• 2TB SATA storage capacity
TimeLine
• Fastest network recording and real-time statistical display — simultaneously
‒ 11.7Gbps sustained capture with zero packet loss
‒ Network statistics display in TimeLine visualization format
• Rapid, intuitive forensics search and retrieval
‒ Historical network traffic analysis and quick data rewinding
‒ Several pre-defined forensics search templates making searches easy and fast
• A natural extension to the WildPackets product line
• Turnkey bundled solution
‒ Appliance + OmniEngine, OmniAdapter, OmniPeek Connect
TimeLine For the most demanding network analysis tasks
TimeLine
10g Network Forensics
3U rack mountable chassis
Two Quad-Core Intel Xeon 5560 2.8Ghz
18GB RAM
4 PCI-E Slots
2 Built-in Ethernet Ports
8/16/32TB SATA storage capacity
WatchPoint Centralized Monitoring for Distributed Enterprise Networks
• High-level, aggregated view of all network segments
– Monitor per campus, per region, per country
• Wide range of network data
– NetFlow, sFlow, OmniFlow
• Web-based, customizable network dashboards
• Flexible detailed reports
• Omnipliances must be configured for continuous capture
WildPackets Key Differentiators
• Visual Expert Intelligence with Intuitive Drill-down
– Let computer do the hard work, and return results, real-time
– Packet / Payload Visualizers are faster than packet-per-packet diagnostics
– Experts and analytics can be memorized and automated
• Automated Capture Analytics
– Filters, triggers, scripting and advanced alarming system combine to provide automated network problem detection 24x7
• Multiple Issue Network Forensics
– Can be tracked by one or more people simultaneously
– Real-time or post capture
• User-Extensible Platform
– Plug-in architecture and SDK
• Aggregated Network Views and Reporting
– NetFlow, sFlow, and OmniFlow
Q&A
Follow us on SlideShare! Check out today’s slides on SlideShare
www.slideshare.net/wildpackets
Thank You!
WildPackets, Inc.
1340 Treat Boulevard, Suite 500
Walnut Creek, CA 94597
(925) 937-3200