Network Health for the Holidays

www.wildpackets.com © WildPackets, Inc.

Jim MacLeod

Product Manager

WildPackets

[email protected]

Follow me @shewfig

Network Health for the Holidays

Show us your tweets! Use today’s webinar hashtag:

#wp_nethealth with any questions, comments, or feedback.

Follow us @wildpackets

© WildPackets, Inc. #wp_nethealth

Administrivia

• All callers are on mute ‒ If you have problems, please let us know via the Chat window

• There will be Q&A at the end ‒ Feel free to type a question at any time

• Slides and recording will be available: ‒ Via a follow-up email

2


Agenda

• The holiday paradox

• Holiday traffic patterns ‒ Internal

‒ External

‒ E-Commerce

• How to be ready to react ‒ Preparation

‒ Troubleshooting tips

• About WildPackets

3


The Holiday Paradox

• Time to relax ‒ Vacation

‒ Holidays

‒ Holiday music

• Lots of stress ‒ Holiday shopping

‒ End of year

4


Internal Traffic Patterns

5


Vacation

• Fewer employees = less network demand? ‒ Likely only during the last week of December

‒ It will get worse before it gets better

• Must fit more work into less time ‒ Stressed users

‒ Demand for network and server uptime

6


End of Year

• High demands in Sales ‒ Remote user connectivity

‒ Send lots of attachments in email via VPN

• High demands in Finance ‒ Annual numbers, closing out the books

‒ and Operations, Manufacturing, Shipping/Receiving, Billing…

• Extra attention to obscure servers ‒ Quoting systems

‒ Order processing servers

‒ Accounting systems

‒ ERP

7


End-of-Year Applications

• Often built by Experts, not Programmers ‒ Emphasis on easy development, not efficient operation

• Not necessarily network-efficient ‒ E.g. send all records in response to every database request

‒ Lots of small operations, small packets, application turns

• Not necessarily network-tolerant ‒ Short timeout: breaks frequently across WAN links

‒ Poor error handling: hangs on packet loss or remote error

• Not necessarily user-friendly ‒ Must complete multiple pages in order

‒ Network timeout on last page: all previous work is lost

8


Campus Shutdown

• Everyone gets the holidays off… except IT

• Perfect for planned downtime ‒ New equipment, new configs, new problems

• Good time to get ready for next year ‒ Flood of new BYOD holiday gifts

9


External Traffic Patterns

10


Holiday Music

• Radio station live stream ‒ Streaming real-time audio

‒ Low bandwidth, constant

‒ Similar to VoIP

• “Online music” ‒ Bursted downloads

‒ Periodic high bandwidth

‒ Similar to web browsing

11


Holiday Shopping

• Demand for Internet connection

• Latency problems: ‒ Sites may be slow due to large numbers of visitors

‒ Corporate Internet link may be slow due to high use

‒ Either way, users say “The network is slow!”

• E-commerce shopping: ‒ Browse with HTTP, purchase with HTTPS

‒ Problems with server-side handoff during checkout

12


Working From Home

• VPN connection issues ‒ License or other hard limits on sessions

• “It works in the office” ‒ Higher latency: app time-outs

‒ Slower link: inefficient apps significantly slower

‒ Email: uploading multi-MB attachments takes a long time

• Effects on servers ‒ Slow connections take disproportionate resources

‒ Server-side limits on threads, processes • Longer connection duration due to slow speed

• Higher numbers of concurrent users

13


E-Commerce Issues

14


Birth of Cloud

• Amazon had lots of extra servers for holidays

• Rent out server resources the rest of the year

15


Critical Sales Time

• Highest annual demand for website ‒ Highest revenue

‒ Downtime costs more during holidays than any other time

• Scaling up for demand ‒ Horizontal scalability: more servers per tier

‒ Infrastructure may not scale: limits on number of sessions

• Hidden complexity ‒ More inter-server communication, e.g. database sync

‒ Need more WAN bandwidth, but also more LAN

16


Complex Applications

• Database transactions ‒ Do databases scale as well as the front end?

‒ Overloaded databases slow the user experience

‒ Slow experience may result in abandoned cart

• Credit card payment processing ‒ Partner site to complete transaction

‒ Also their highest time of year for demand

‒ How will your e-commerce apps handle transaction timeouts?

17


Preparation Recommendations

18


Create Visibility

• Determine critical network points now ‒ Add monitoring and visibility

‒ Good troubleshooting info speeds recovery

• Holiday traffic tip: ‒ Need extra visibility?

‒ Have extra hardware?

‒ Good time to evaluate OmniEngine Enterprise!

19


Profile Critical Apps

• Any unusual patterns or protocols? ‒ Probably “standard” protocols in non-standard ways

‒ Specialized apps are expensive, not necessarily efficient

• Common enterprise “in-house” app architecture ‒ Java or .Net

‒ ODBC database connections

‒ Lots of server-server “East-West” traffic

‒ You may need more visibility within the server room

20


Proprietary Protocols?

• Common examples ‒ Binary IPC (net-encapsulated memory transfers)

‒ NetBIOS / MS networking / SMB / “shared files”

‒ ODBC / SQL, possibly encrypted

• Common problems ‒ Multicast (typical for “clustering” apps)

‒ Dynamic ports (make firewalling difficult)

• “HTTP-like” ‒ Weird protocols on port 80 or 8080

• Triggers lots of warnings from IDS

‒ Often the opposite: HTTP on non-standard port • Use “Choose Decoder” to apply standard decode

21


Monitor Bandwidth at Choke Points

• Internet link(s) ‒ WAN

‒ VPN

• Datacenter connections ‒ How much traffic between servers within the data center?

‒ Can tiers of the same application be hosted in the same switch?

‒ Classic “North-South” design chokes “East-West” traffic

• Start profiling now ‒ Watch the traffic volume

‒ Set the capture speed to reflect actual link speed

22


Know Your Packet Path(s)

• Additional devices between segments? ‒ Firewalls? IDS? Proxies?

• What constraints are on those boxes? ‒ Session limits or timeouts?

‒ Typical systems have “hard” limits

• How do they affect traffic? ‒ NAT complicates client/server problem diagnosis

‒ VPNs artificially reduce MTU, but not MSS • Can result in fragmentation: 2 packets per packet

• Double load for encryption/decryption

23


Troubleshooting Tips

24


Slow Network • Compass dashboard, “2-Way Latency”

‒ Identify commonalities: nodes, protocols, or flows?

‒ Use breakdown of network and application latency

25


Slow Network • Multi-Segment Analysis:

‒ Capture the same traffic at multiple points

‒ Provides measurement of latency and loss per link

26


Wi-Fi Issues

• Start with Compass dashboard, “Signal strength” ‒ Do users with complaints show low signal strength?

• Check for roaming ‒ A node only roams when it’s got signal issues

‒ Roaming causes a temporary disconnect

‒ Can take several seconds (or more!) to re-connect

27


Security Issues

• Network recorders are always useful here ‒ Rewind & review the traffic

‒ Determine how they got in

• Detect rogues ‒ OmniPeek can label nodes:

• Trusted, Known, and Unknown

‒ Expert diagnosis to identify rogues

28


Summary

• Holidays are a time of joy and stress

• Learn your network now ‒ Be ready to diagnose quickly

• Don’t overstuff yourself at Thanksgiving ‒ Keep your network from getting overstuffed too!

29


Q&A

Show us your tweets! Use today’s webinar hashtag:

#wp_nethealth with any questions, comments, or feedback.

Follow us @wildpackets

Follow us on SlideShare! Check out today’s slides on SlideShare

www.slideshare.net/wildpackets


WildPackets Corporate Overview

Optimizing Network and Application Performance


Corporate Background

• Experts in network monitoring, analysis, and troubleshooting

‒ Founded: 1990 / Headquarters: Walnut Creek, CA

‒ Offices throughout the US, EMEA, and APAC

• Our customers are leading edge organizations

‒ Mid-market and enterprise lines of business

‒ Financial, manufacturing, ISPs, major federal agencies,

state and local governments, and universities

‒ Over 7,000 customers / 60+ countries / 80% of Fortune 1,000

• Award-winning solutions that improve network performance

‒ Internet Telephony, Network Magazine, Network Computing awards

‒ United States Patent 5,787,253 issued July 28, 1998 • “Apparatus and Method of Analyzing Internet Activity”


Business Opportunity

• Growing $5B network management market (Gartner)

• VoIP, video, and other converged networking

applications are saturating network bandwidth

• Increasing network speeds create a discontinuity ‒ 1 Gig 10 Gig 40 Gig 100 Gig networks

• Users and business will not tolerate downtime

Need for better real-time network visibility in addition to

network forensics and DPI


Unprecedented Network Visibility

ROOT-CAUSE ANALYSIS

OmniPeek network analyzer performs deep packet inspection

and can reconstruct all network activity, including e-mail and

IM, as well as analyze VoIP and video traffic quality.

PINPOINT NETWORK ISSUES ANYWHERE

Omnipliance Portable can rapidly identify and troubleshoot

issues before they become major problems—wired or

wireless—down the hall or across the globe.

UNDERSTAND END-USER PERFORMANCE TimeLine and Omnipliance network recorders monitor

and analyze performance across critical network

segments, virtual environments, and remote sites.

NETWORK HEALTH

WatchPoint can manage and report on key

devices’ performance and availability across

the entire network, from anywhere on the network.

GLOBAL

DISTRIBUTED

PORTABLE

DPI


A History of Innovation

2003 Distributed real-time

troubleshooting

2001 • First 802.11

wireless analyzer

• First network

analyzer with

automated expert

analysis

2005 Combined distributed

network and VoIP

network analysis

2008 Enterprise-wide

Monitoring and Reporting

2009 Innovative dashboard

with drill-down for VoIP

and video

2012 • Capture, record, and

analyze from 40G

network segments

• First wireless network

analyzer to support

801.11ac, k, r, u, v, w

2011 • Total visibility with

zero packet loss

• First wireless

network analyzer to

support capture and

analysis of 802.11n

3-stream wireless

2010 First to achieve 11 Gbps

sustained capture-to-disk


Real-World Deployments

Education

Health Care / Retail

Financial

Telecom

Government

Technology

WildPackets Proprietary

http://www.fbiband.com/

http://www.dea.gov/


Product Line Overview


Omni Distributed Analysis Platform

OmniPeek Enterprise Packet Capture, Decode and Analysis

• Ethernet,1/10 Gigabit, 802.11, and voice and video over IP

• Portable capture and OmniEngine console

• Aggregate analysis data across multiple capture points

Omnipliance / TimeLine Distributed Enterprise Network Forensics

• High-performance packet capture and real-time analysis

• Stream-to-disk for forensics analysis

• Integrated OmniAdapter network analysis cards up to 40G

WatchPoint Centralized Enterprise Network Monitoring Appliance

• Aggregation and graphical display of network data

• WildPackets OmniEngines

• NetFlow and sFlow


Omni Distributed Analysis Platform Software and Turnkey Solutions

• Enterprise monitoring and reporting

‒ WatchPoint Server

‒ OmniFlow, NetFlow, and sFlow Collectors

• Software probes and network recorders

‒ Omnipliance network recorders – Edge, Core

‒ TimeLine network recorders

‒ OmniAdapter analysis cards

• Distributed analysis software

‒ OmniPeek – Enterprise, Professional, Basic, Connect

‒ OmniEngine – Enterprise, Desktop, OmniVirtual

• Portable solutions

‒ OmniPeek network analyzer

‒ Omnipliance Portable


Key New Features in v7

• 40G network support

• Analyze issues from end to end:

Multi-Segment Analysis (MSA)

• Collect data from non-technical end users:

OmniPeek Remote Assistant (ORA)

• Single, interactive dashboard for

utilization, top talkers, top protocols,

latency, Experts, flows, and wireless

signal strength

• New wireless specifications

‒ 802.11ac 802.11k

‒ 802.11r 802.11u

‒ 802.11v 802.11w


OmniPeek Network Analyzer

• Distributed analysis manager

– Connect to and configure distributed OmniEngines, Omnipliances,

and TimeLines

• Comprehensive dashboards present network traffic in real-time

– Vital statistics and graphs display trends on network and application

performance

– Visual peer-map shows conversations and protocols

– Intuitive drill-down for root-cause analysis of performance bottlenecks

• Visual Expert diagnosis speeds problem resolution

– Packet and payload visualizers provide business-centric views

• Automated analytics and problem detection 24/7

– Easily create filters, triggers, scripting, advanced alarms, and alerts


Omnipliance Network Recorders

• Captures and analyzes all network traffic 24x7

– Runs WildPackets OmniEngine software probe

– Generates vital statistics on network and application performance

– Intuitive root-cause analysis of performance bottlenecks

• Expert analysis speeds problem resolution

– Fault analysis, statistical analysis, and independent notification

• Multiple issue digital forensics

– Real-time and post capture data mining for compliance and troubleshooting

• Intelligent data transport

– Network data analyzed locally

– Detailed analysis passed to OmniPeek on demand

– Summary statistics sent to WatchPoint for long term trending and reporting

– Efficient use of network bandwidth

• User-extensible platform

– Plug-in architecture and SDK


TimeLine Network Recorder

• Continuous network recording and comprehensive

real-time statistical display — simultaneously ‒ 12Gbps sustained capture with zero packet loss

‒ Network statistics display in TimeLine visualization format

• Rapid, intuitive forensics search and retrieval ‒ Historical network traffic analysis and quick data rewinding

‒ Several pre-defined forensics search templates making

searches easy and fast

• A natural extension to the WildPackets product line

• Turnkey bundled solution ‒ Appliance + OmniEngine, OmniAdapter, OmniPeek Connect


WildPackets Network Recorders Price/Performance Solutions for Every Application

Portable Edge Core TimeLine

Ruggedized

Troubleshooting

Small Networks

Remote Offices

Datacenter Workhorse

Easily Expandable

Enterprise, Highly-

Utilized Networks

Aluminum chassis / 17” LCD 1U rack mountable chassis 3U rack mountable chassis 3U rack mountable chassis

Dual 2.13 GHz Quad-Core Intel

Xeon L5630 "Westmere"

Quad-Core Intel Xeon X3460

2.80Ghz

Dual Intel Xeon Quad Core

E5530 2.4GHz

Dual Intel Xeon Quad Core

X5560 2.8GHz

24GB RAM 4GB RAM 6GB RAM 18GB RAM

2 PCI-E Slots 2 PCI-E Slots 4 PCI-E Slots 4 PCI-E Slots

2 Built-in Ethernet Ports 2 Built-in Ethernet Ports 2 Built-in Ethernet Ports 2 Built-in Ethernet Ports

6TB SATA storage capacity 1TB SATA storage capacity 8/16TB SATA

storage capacity

8/16/32/48TB SATA

storage capacity

4.5Gbps CTD 1.1Gbps CTD 3Gbps CTD 12Gbps CTD


WatchPoint Centralized Monitoring for Distributed Enterprise Networks

• High-level, aggregated

view of all network

segments

– Monitor per campus, per

region, per country

• Wide range of network

data

– NetFlow, sFlow, OmniFlow

• Web-based, customizable

network dashboards

• Flexible detailed reports

• Direct link to detailed,

packet-based analysis


Comprehensive Support and Services

Standard Support

Maintenance and upgrades

Telephone and email contacts

Knowledgebase

MyPeek Portal

Premier Support

24 x 7 x 365

Dedicated escalation manager

2 customer contacts per site

Plug-in reconfiguration assistance

WildPackets Training Academy

Public, web-based, and on-site classes

Complete curriculum: technology and product focused

Practical applications and labs covering network analysis,

wireless, VoIP monitoring and advanced troubleshooting

Consulting and Custom Development Services

Deployment, configuration, and assessment engagement

Systems integration and testing

Application integration, driver, decode, interface development


24x7 Network Monitoring,

Analysis, and Troubleshooting

© WildPackets, Inc. #wp_nethealth WildPackets Proprietary

Capture Data • Drivers

• Probes

• Packets

Derived Data • Statistics

• Measurements

• Tracking

Data Mining • Aggregation

• Base-lining

• Correlation

Data Abstraction • Predictive

• Autonomics

• Closed-loop

Long-Term Product Vision Event-driven Application and Network Performance Management


WildPackets Key Differentiators

• Visual Expert intelligence with intuitive drill-down

– Let computer do the hard work, and return results, real-time

– Packet /payload visualization is faster than packet-per-packet diagnostics

– Experts and analytics can be memorized and automated

• Automated capture analytics

– Filters, triggers, scripting, and advanced alarming system combine to provide

automated network problem detection 24x7

• Multiple issue network forensics

– Can be tracked by one or more people simultaneously

– Real-time or post capture

• User-extensible platform

– Plug-in architecture and SDK

• Aggregated network views and reporting

– NetFlow, sFlow, and OmniFlow


Thank You!

WildPackets, Inc.

1340 Treat Boulevard, Suite 500

Walnut Creek, CA 94597

(925) 937-3200

Network Health for the Holidays

Technology

wildpackets wildpackets

nethealth wildpackets

ecommerce issues wildpackets

network demand

holiday paradox time

holiday shopping demand

highest time of year

new problems good time