Monitoring and Managing Network Application Performance
-
Upload
wildpackets -
Category
Technology
-
view
639 -
download
3
description
Transcript of Monitoring and Managing Network Application Performance
www.wildpackets.com © WildPackets, Inc.
The Importance of
Protocol Analyzers
in Today's Networks
Jim Thor – WP Professional Services
WildPackets, Inc.
www.WildPackets.com
(925) 937-3200
© WildPackets, Inc. The Importance of Protocol Analysis
• We used to use Protocol Analyzers for Break/Fix ‒ Meaning we would try to fix the problem every other way before
getting the protocol analyzer out of the cabinet and trying to
figure out how to use it.
• Protocol Analyzers were mostly text based decoders ‒ Good for bit level analysis, but very hard to use when looking for
the needle in the haystack.
• You had to physically be where you wanted to
capture the packets ‒ No such thing back then as remote or distributed analysis
The Early Days of Protocol Analysis
2
© WildPackets, Inc. The Importance of Protocol Analysis
Times Have Changed!
• Those shortcomings of early analyzers are gone ‒ Many of today’s analyzers are Graphical, Distributed and Historical
• Networks are larger and faster than ever before ‒ Getting to 40Gbps now and soon to 100Gbps
• Systems are faster and integrated into daily life ‒ There was a day when a computer was a ‘nice to have’.
‒ Most everyone now has a computer in their pocket, and uses it for
daily tasks and communications.
• Today’s networks are the life blood of businesses ‒ Without a well run network, your business may die!
3
www.wildpackets.com © WildPackets, Inc.
Is There a Doctor in the House?
© WildPackets, Inc.
How’s Your Network's Health?
The Importance of Protocol Analysis
• We have doctors to keep us healthy ‒ Businesses have Network Administrators and Engineers
• But a doctor has to have tools ‒ He has his 5 senses and he is very well educated!
‒ His knowledge alone does not make for a good doctor! He has
to be smart and have experience as well.
• You better hope your doctor has the right tools ‒ Simple tools he could have stethoscope, a thermometer, a reflex
hammer, etc
‒ These would be akin to network tools like ping, traceroute,
and logs
5
© WildPackets, Inc.
It’s All in the Details!
The Importance of Protocol Analysis
• Flow based reporting is nice… ‒ Flow information is a good start, but generally not good for
understanding the details. It’s way too generic and high level.
• Sometimes, you have to have the details, Period. ‒ But not always. There are a lot of available tools. The right tool
depends on the question.
• What is the question you are trying to answer? ‒ ‘Proof is in the Details’. With the details, you can answer
almost ANY question.
‒ Generally, every question from overall utilization to what bit is
set in a packet, can all be answered with a protocol analyzer.
6
© WildPackets, Inc.
The Right Tools Matter!
The Importance of Protocol Analysis
• The tool should not impact the Network!
• Simple tools are helpful and useful even today ‒ Simple tools like ping, tracert, etc., are still necessary and helpful
• More advanced tools are necessary ‒ Netflow, S-Flow, and SNMP are helpful, but often leave too
many questions unanswered
• With the right tools, there is NO need to guess! ‒ Detail oriented tools (packet analysis) give the answers down to
the bit level
‒ These tools can also answer questions ‘back in time’ using
Network Forensics features 7
© WildPackets, Inc.
Network Forensics
The Importance of Protocol Analysis
• Knowing what is happening on the network now ‒ Real time information is always important on any network
• Often, it is important to go ‘Back in Time’ ‒ Security breaches happen before you know about them
‒ Replicating an issue is often not possible
‒ Why wait for an intermittent issue? Go ‘Back’ and see it!
• Network Forensics features allow you to go back and
find the packets from the past ‒ It may be that a server was hacked. Who did it, when, and what
else did they do or what systems did they access!
‒ Also allows for Comparative Analysis, which makes the task of
protocol analysis much easier and more accurate
8
www.wildpackets.com © WildPackets, Inc.
The Important Features
of a Good Protocol Analyzer
© WildPackets, Inc.
The Necessary Features
Depend on Your Needs!
The Importance of Protocol Analysis
• Most important is Ease of Use! ‒ Protocol Analysis can be hard. Having an analyzer that is hard to
use adds unnecessary burden and time to the analysts tasks
• Distributed and Local Capture capabilities
‒ Protocol Analysis is only accurate where you are capturing, so
you usually want to capture at multiple locations to understand
what is happening across the network at various locations
• Software and Hardware Solutions
‒ Since you want to have as many capture points as possible,
having a cost effective solution for deploying at the distribution
and access switches is extremely important
10
© WildPackets, Inc. The Importance of Protocol Analysis
• Speeds and Feeds. ‒ Also make sure the devices are capable of captures on multiple
interfaces simultaneously, and aggregating if necessary
• Forensics ‒ Do you need the ability to ‘Go Back in Time?” Most people do.
• Wireless ‒ Do you have any 802.11 networks? If so, make sure the analyzer you
choose supports WLAN captures.
• VoIP ‒ If you have a VoIP environment, or are planning on having one soon,
make sure to choose an analyzer that supports those needs.
Additional Items to Consider
11
© WildPackets, Inc.
How We Have Helped
The Importance of Protocol Analysis
• Saved lives! ‒ Yes, the results and analysis of 802.11 Wi-Fi traffic in a hospital found
the source of interference that was causing device outages
• Stopped hackers! ‒ The ongoing long term capture in a software company found the source
of the attach, and exactly which systems were compromised
• Made networks faster! ‒ Many examples of fixing network issues that were causing poor
performance. Fixing the issues made the networks much faster.
• Proved it wasn’t the network! ‒ Application vs. Network, we prove constantly who the true culprit is!
• Made the network users more productive! ‒ By fixing network, application and systems issues, all users are more
productive, including network, system, and application administrators!
12
www.wildpackets.com © WildPackets, Inc.
The Feature Presentation
© WildPackets, Inc.
Focusing Blame or Fixing the Issue?
The Importance of Protocol Analysis
• Now that we know more about protocol analyzers, let’s look at a
common problem
‒ Who is to blame?
• The performance is bad, so…
‒ Who is to blame?
• The Users are complaining…
‒ Who is to blame?
• More importantly, where do we focus to find the issue, and fix it!
‒ Stop the Blame Game!
Let’s then now focus on solving this issue and
not focusing the blame!
14
www.wildpackets.com © WildPackets, Inc. © WildPackets, Inc.
© WildPackets, Inc.
The Weigh In Create a baseline…
• Not just, “How much bandwidth am I consuming on
my network or segment?”
• Also, “How much is the X Application consuming?” ‒ What users connect to it?
‒ What outbound connections does the app do?
‒ With what ports? With what nodes? What times? How often?
• It’s impossible to predict the winner if you don’t
know your network and applications…
… and understand their behaviors.
The Importance of Protocol Analysis 16
© WildPackets, Inc.
Scoring the FIGHT What to look for…
• Primary events are anything related to “Slow” ‒ Depending on what events we see, we will know who is at fault
• Application events: ‒ HTTP slow response time
‒ Oracle slow response time
‒ Inefficient client
• Network events: ‒ TCP SLOW segment recovery
‒ Slow retransmissions
‒ Slow acknowledgements
‒ Low throughput
The Importance of Protocol Analysis 17
Let the Expert Analysis help be the referee
© WildPackets, Inc.
Did Someone Say, "TKO"? Get Proof…
The Importance of Protocol Analysis 18
Network may be at fault
System or Application is at fault
© WildPackets, Inc.
Who Won? The Network?
This shows that there are some slow acknowledgements that could be
network related… but keep in mind factors like distance
The Importance of Protocol Analysis 19
Let’s keep looking…
© WildPackets, Inc.
Or is it the System or Application?
This shows slow responses that are system or application related
Let’s go round by round…
The Importance of Protocol Analysis 20
© WildPackets, Inc.
Follow Events to See Who is Involved Use the JAB
right-click option and ‘Select Related Packets’ on the event
The Importance of Protocol Analysis 21
© WildPackets, Inc.
Get the Flows, Not Just Those Packets
The Importance of Protocol Analysis 22
Here we would click on ‘Close’, keeping our 113 packets highlighted!
© WildPackets, Inc.
Do the Winning Combo… ‘Select Related’ We can UPPERCUT (right-click)
on any highlighted packet and do a ‘Select Related’, then ‘By Flow’
The Importance of Protocol Analysis 23
© WildPackets, Inc.
All the Packets – All the Flows
We have selected every packet, in every flow, with the expert event of interest
The Importance of Protocol Analysis 24
© WildPackets, Inc.
Tale of the Tape "Scoring the Fight"
When we select
‘Slow Server
Response Time’,
two sessions to the
same server are
highlighted.
This looks like a
system or
application issue –
not the network.
But we need proof!
The Importance of Protocol Analysis 25
© WildPackets, Inc.
Visual Expert is the Proof! Here is the proof we were looking for!
Two requests for data, two quick TCP Acks, but then a long delay
before the server sent us the data we requested.
The Importance of Protocol Analysis 26
Payload
Length = 0
Payload
Length = 1260
Requests
and Acks
Then the Data
gets returned
much later
© WildPackets, Inc.
A Closer Look Looking more granular at the timing, we see that the ACK came
back in 70ms, but the data didn’t get sent back for another 854ms!
The Importance of Protocol Analysis 27
ACK fast =
Network fast
Data slow =
System slow
© WildPackets, Inc.
Tune the Expert for your network
The Importance of Protocol Analysis 28
Make these times relevant
for your network or the
task at hand!
And use the Import
and Export features
to quickly switch
when necessary
© WildPackets, Inc.
And the winner is…
You!
What we covered…
• Determining whether the application, system, or
network is at fault using TCP
• Tapping the power of ‘Select Related’ using flows to
troubleshoot root causes
• Eliminating false positives by tuning Expert Events
The Importance of Protocol Analysis 29
© WildPackets, Inc.
What’s in your network?
• Manage proactively or by exception
‒ Determine top talkers, nodes, and protocols
‒ Receive early warnings of performance problems anywhere in the network and
then quickly drill down for expert analysis
‒ No need to reproduce issues, simply “replay the tape” (network forensics)
• Monitor the entire network
‒ Identify issues and optimize VoIP and Video quality of service
‒ Measure quality of services applications are delivering to end users
‒ Evaluate network utilization for capacity planning and upgrades
• Optimize and secure your Wireless infrastructure
‒ Identify and fill security holes such has weak encryption or rogue access points
‒ Determine gaps in service across access points
• Extend the capabilities for custom applications
‒ Develop plug-ins to integrate with proprietary equipment
‒ Build decodes for proprietary protocols
The Importance of Protocol Analysis 30
www.wildpackets.com © WildPackets, Inc.
About WildPackets
© WildPackets, Inc.
Corporate Overview
• Our Company
‒ Founded: 1990
‒ Headquarters: Walnut Creek, CA
‒ Offices throughout US, EMEA, APAC
• Our Customers
‒ Thousands of active mid-market and enterprise customers
‒ 60+ countries / 80% of Fortune 1,000
‒ Financial, government, education, health care, telecom
• Our Products
‒ Patented, awarding-winning hardware and software solutions
that optimize network performance and eliminate downtime
The Importance of Protocol Analysis 32
Pioneer and global leader in network and application
performance monitoring, management, and analysis.
© WildPackets, Inc.
Real-World Deployments
Education
Health Care / Retail
Financial
Telecom
Government
Technology
The Importance of Protocol Analysis 33
© WildPackets, Inc.
OmniPeek Network Analyzer
• Standalone Analysis and Remote Analysis UI
‒ Can be used as a portable analyzer, or standalone
‒ Can also connect and configure distributed OmniEngines/Omnipliances
• Comprehensive dashboards present network traffic in real-time
‒ Vital statistics and graphs display trends on network and application
performance
‒ Visual peer-map shows conversations and protocols
‒ Intuitive drill-down for root-cause analysis of performance bottlenecks
• Visual Expert diagnosis speeds problem resolution
‒ Packet and Payload visualizers provide business-centric views
• Automated analytics and problem detection 24/7
‒ Easily create filters, triggers, scripting, advanced alarms and alerts
The Importance of Protocol Analysis 34
© WildPackets, Inc. The Importance of Protocol Analysis 35
© WildPackets, Inc.
Omnipliance Network Recorders
• Captures and analyzes all network traffic at the source 24x7
‒ Runs our OmniEngine intelligent probe software
‒ Generates vital statistics on network and application performance
‒ Intuitive root-cause analysis of performance bottlenecks
• Intelligent data transport
‒ Network data analyzed locally
‒ Detailed analysis passed to OmniPeek on demand
‒ Summary statistics sent to WatchPoint for long term trending and reporting
‒ Efficient use of network bandwidth
• Expert analysis speeds problem resolution
‒ Fault analysis, statistical analysis, and independent notification
• Multiple Issue Digital Forensics
‒ Real-time and post capture data mining for compliance and troubleshooting
The Importance of Protocol Analysis 36
© WildPackets, Inc.
Unprecedented Network Visibility
ROOT-CAUSE ANALYSIS
OmniPeek network analyzer performs deep packet inspection
and can reconstruct all network activity, including e-mail and
IM, as well as analyze VoIP and video traffic quality.
PINPOINT NETWORK ISSUES ANYWHERE
Omnipliance Portable can rapidly identify and troubleshoot
issues before they become major problems—wired or
wireless—down the hall or across the globe.
UNDERSTAND END-USER PERFORMANCE TimeLine and Omnipliance network recorders monitor
and analyze performance across critical network
segments, virtual environments, and remote sites.
NETWORK HEALTH
WatchPoint can manage and report on key
devices’ performance and availability across
the entire network, from anywhere on the network.
GLOBAL
DISTRIBUTED
PORTABLE
DPI
The Importance of Protocol Analysis 37
www.wildpackets.com © WildPackets, Inc.
WildPackets Product Lines
Software and Hardware Solutions for
Portable and Distributed
Network Monitoring and Analysis
© WildPackets, Inc.
Product Offerings Software and Turnkey Appliances
• Enterprise Monitoring and Reporting
‒ WatchPoint Server
‒ OmniFlow, NetFlow, SNMP, and sFlow Collectors
• Network Probes & Recorders
‒ Omnipliance Network Recorders – Edge, Core
‒ TimeLine Network Recorder
‒ OmniAdapter Analysis Cards
• Portable Hardware Solutions
‒ Omnipliance Portable
• Windows based Software Solutions
‒ OmniPeek software – Enterprise, Professional, Basic, Connect
‒ OmniEngine software – Enterprise, Desktop, OmniVirtual
The Importance of Protocol Analysis 39
© WildPackets, Inc.
Omnipliance Network Recorders Price/performance solutions for every application
Portable Edge Core TimeLine Ruggedized
Troubleshooting
Small Networks /
Remote Offices
Regional Offices /
Small Datacenter
Datacenter
Workhorse
Chassis 1U 3U 3U
Memory 24GB 4 GB 6 GB 18 GB
Expansion 2 PCI-E 2 PCI-E 4 PCI-E 4 PCI-E
Storage 6 TB 1 TB 8 TB / 16 TB 8 TB / 16 TB / 32 TB
Max. CTD 4.5Gbps 1Gbps 3.8Gbps 11+Gbps
The Importance of Protocol Analysis 40
© WildPackets, Inc.
Comprehensive Support and Services
Standard Support
Maintenance and upgrades
Telephone and email contacts
Knowledgebase
MyPeek Portal
Premier Support
24 x 7 x 365
Dedicated escalation manager
2 customer contacts per site
Plug-in reconfiguration assistance
WildPackets Training Academy
Public, web-based, and on-site classes
Complete curriculum: Technology and product focused
Practical applications and labs covering network analysis,
wireless, VoIP monitoring and advanced troubleshooting
Consulting and Custom Development Services
Deployment, configuration, and assessment engagement
Systems integration and testing
Application integration, driver, decode, interface development
The Importance of Protocol Analysis 41
© WildPackets, Inc.
Key Differentiators
• High-level network monitoring to root-cause analysis
• Single solution for today’s converged networks ‒ Wired, Wireless, 1GB, 10GB, VoIP, Video, TelePresence, IPTV
• Reduce and even eliminate network downtime ‒ Automated monitoring 24x7
‒ Speedy resolution of network bottlenecks
• Improve network and application performance
• Uniquely extensible platform – tailored to your needs ‒ Plug-ins and APIs for integration and customization
• Fastest capture to disk performance in the industry
The Importance of Protocol Analysis 42
www.wildpackets.com © WildPackets, Inc.
Thank You!
& Questions…
WildPackets, Inc.
www.WildPackets.com
(925) 937-3200
Check out MyPeek! @ mypeek.wildpackets.com
Follow us on SlideShare! Check out today’s slides on SlideShare
www.slideshare.net/wildpackets