SlideShare a Scribd company logo

SharkFest16_Palm_Online

Brad Palm
Brad Palm
1 of 36
Download to read offline
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 SharkFest ‘16 Troubleshooting a Multi-Tier Application in a Production Environment Brad Palm June 16, 2016 Lead Engineer | Marine Corps Network Efficiency Lab
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 DISCLAIMER “The views expressed in this presentation are my own and do not necessarily represent the views of the United States Marine Corps, Department of Defense, or the United States Government.”
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 AGENDA •Background •Problem Framing •Method •Execution •Analysis •Questions
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 BACKGROUND
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 BACKGROUND •Training for Decision Making in Chaotic Environments •Troubleshooting Methodologies •Case Study
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 Video of Chaotic Training at USMC Boot Camp - https://www.youtube.com/watch?v=Z9-rhwHkP24
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 USMC Training for Chaos •BAMCIS • Begin planning, Arrange for Reconnaissance and Coordination,Make Reconnaissance, Complete Plan, Issue Order, Supervise • Six troop leading steps by which a leader plans and executes missions • Logical and orderly process that makes the best use of time •Fog of War (Bits) • Uncertainty,hard to see patterns in midst of fog, separate signal from noise •Realistic Training
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 USMC Training for Chaos “Training to be comfortable in a range of environments and stressors”
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 Troubleshooting Methodologies •Brainstorming •5 Whys •Statistical Method •Pattern Method •Team Formation •Cisco’s Eight Step Method •OSI Model
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 Case Study – 5Ws •Who – Data center that hosts applications for MC wide consumption •What – Users complaining about latency for an application that uses VDI to accomplish computationally intensive imagery manipulation •When – Latency occurs at various times •Where – Latency occurs for various users •Why – ??? Help!!!
Case Study – Network Topology
Case Study – VM Architecture
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 PROBLEM FRAMING
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 PROBLEM FRAMING •How do we tackle complex problems and solve the WHY? •Need solid foundation, that provides flexibility and facilitates multiple troubleshooting methodologies Decision Making in Chaotic Environments Troubleshooting Methodologies
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 Problem Framing with Capture Plan • Purpose • State objectives – define the problem • Objective requirements – what must be met to facilitate successful troubleshooting • Network metrics – what are we looking for based off probable cause • Method • Tools • Capture location • Execution • Team composition • TAP installation • Analysis • Troubleshooting steps • Reporting
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 METHOD
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 METHOD • Purpose • State objectives • Objective requirements • Network metrics • Method • Tools • Capture location • Execution • Team composition • TAP installation • Analysis • Troubleshooting steps • Reporting
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 Tools •TAPs – Full Duplex, Aggregators, Copper, Optical,Conversion • Viavi nTAP, Profishark 1G, Ixia Net Optics •Capture Devices • Netscout Network Time Machine (1 GB), Viavi Observer GigaStor (10 GB) •Analysis • SteelCentral Packet Analyzer • Wireshark •Virtual Considerations – VMs, Containers, Virtual TAPs
Capture Location Network Topology VM Architecture WAN 1 LAN 2 VM 1 VM 2
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 EXECUTION
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 EXECUTION • Purpose • State objectives • Objective requirements • Network metrics • Method • Tools • Capture location • Execution • Team composition • TAP installation • Analysis • Troubleshooting steps • Reporting
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 Team Composition •Problem Manager •Problem Solving Group • Mix of internal and external entities • Internal – network, virtual,DB, server • External – capture & analysis,Windows, VM • Need internal folks to be empowered, recognize when they don’t have the authority,then be proficient in navigating the “policy” waters
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 TAP Installation •In-Brief •Common Concerns •Installation • 300ms ~ 30 sec, Ethernet Autonegotiation •Time Considerations • 24hr soak, during working hours/highprobabilityof event
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 Demo “Purpose of demo is to prove the following three items to instill confidence in the client that the TAP is not adverse to their network: • Inserting TAP in a timely manner will not cause an outage to current TCP sessions • Fail to wire • Passive” “Demo showed a simple network between laptop and RaspberryPi, a persistent TCP session created through the use of a counter bash script and netcat, and an nTAP was inserted into the network to show the three items”
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 ANALYSIS
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 ANALYSIS • Purpose • State objectives • Objective requirements • Network metrics • Method • Tools • Capture location • Execution • Team composition • TAP installation • Analysis • Troubleshooting steps • Reporting
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 Troubleshooting Steps 1. Define the Problem – 5 Whys, Brainstorming, Problem SolvingGroup 2. Gather Detailed Information–Gain an understandingof architecture from in-house experts, supports Statistical and PatternMethods 3. Consider Probable Cause for Problem – Discuss recent changes, investigatethe network captures, identify the most likely hypotheses 4. Devise Plan to Solve Problem – Conduct preliminary/minimally disruptive testing, schedule testing time/location/equipment/personnel 5. Implement the Plan – Make necessary changesand capturetest results 6. Observe the Results of Implementation– Confirm problem resolution, conduct regression testing 7. Repeat Process if Plan Does Not Initially Solve Problem – Re-define the problem, determine next hypothesis to test, makingchanges incrementally 8. Document the Changes Made to Resolve the Problem – Consolidate informationgathered into network analysis report to communicate the process
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 Latency Analysis •Troubleshooting latency: • Network path • Server side • Client side
Statistical Method Client 1 (Mid West) WAN 1 LAN 2 VM 1 VM 2 Size 365.52 MB/ 564,158 pkts 334.62 MB/ 436,434 pkts 132.71 MB/ 290,417 pkts 2.1 GB/ 1,843,248 pkts Average RTT 48 ms 47 ms 955 µs 99 µs Duplicate ACK Errors 10,507 pkts 10,236 pkts N/A 4,413 pkts Retransmission Errors 4,172 pkts 4,030 pkts N/A 744 pkts Lost Segment Errors 160 pkts 154 pkts 61 pkts 140 pkts Zero Window Errors N/A N/A 53 pkts 125 pkts Reset Errors 6 pkts 3 pkts N/A 17 pkts Client 2 (Desert) WAN 1 LAN 2 VM 1 VM 2 Size 26.03 MB/ 178,382 pkts 25.31 MB/ 178,326 pkts 130.96 MB/ 639,031 pkts 1.39 GB/ 1,872,794 pkts Average RTT 70 ms 70 ms 700 µs 168 µs Duplicate ACK Errors 3,769 pkts 3,769 pkts 3 pkts 3,364 pkts Retransmission Errors 307 pkts 297 pkts 3 pkts 484 pkts Lost Segment Errors 116 pkts 117 pkts 53 pkts 35 pkts Zero Window Errors 29 pkts 29 pkts 640 pkts 49 pkts Reset Errors 28 pkts 16 pkts N/A 67 pkts
Statistical Method Client 3 (East Coast) WAN 1 LAN 2 VM 1 VM 2 Size 73.30 MB/ 294,128 pkts 72.13 MB/ 294,128 pkts 166.50 MB/ 490,632 pkts 2.65 GB/ 2,568,391 pkts Average RTT 41 ms 41 ms 759 µs 123 µs Duplicate ACK Errors 2,897 pkts 2,897 pkts 4 pkts 7,707 pkts Retransmission Errors 792 pkts 792 pkts 5 pkts 1,289 pkts Lost Segment Errors 245 pkts 245 pkts 160 pkts 266 pkts Zero Window Errors N/A N/A 603 pkts 91 pkts Reset Errors 64 pkts 64 pkts N/A 35 pkts Client 4 (East Coast) WAN 1 LAN 2 VM 1 VM 2 Size 58.74 MB/ 232,503 pkts 57.72 MB/ 232,125 pkts 31.13 MB/ 135,806 pkts 254.97 MB/ 361,597 pkts Average RTT 37 ms 37 ms 538 µs 148 µs Duplicate ACK Errors 1,781 pkts 1,781 pkts N/A 532 pkts Retransmission Errors 549 pkts 545 pkts 1 pkt 66 pkts Lost Segment Errors 171 pkts 171 pkts 84 pkts 43 pkts Zero Window Errors N/A N/A 39 pkts 10 pkts Reset Errors 33 pkts 25 pkts N/A 25 pkts
Statistical Method Client 5 (California/4G Commercial Network) Client Machine Size 4.22 MB/11,566 pkts Average RTT 104 ms Duplicate ACK Errors 736 pkts Retransmission Errors 604 pkts Lost Segment Errors 178 pkts Out of Order Errors 139 pkts Reset Errors 27 pkts Missing Segments (ACKs) 2 pkts Zero Window Errors 0 pkts
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 Network Path Latency Analysis Client (Location) Average RTT User Experience Notes Client 1 (Mid West) 48 ms Good Physically located in the same building as the app, but traverses a network before hitting servers Client 2 (Desert) 70 ms Bad Long time troubled area for app service. Client 3 (East Coast) 41 ms Bad Long time troubled area for app service. Client 4 (East Coast) 37 ms Bad Long time troubled area for app service. Client 5 (West Coast) 104 ms Good Accessed app over a 4G hotspot with the highest RTT observed.
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 Network Path Latency Analysis Client (Location) Average RTT User Experience Notes Client 1 (Mid West) 48 ms Good Physically located in the same building as the app, but traverses a network before hitting servers Client 2 (Desert) 70 ms Bad Long time troubled area for app service. Client 3 (East Coast) 41 ms Bad Long time troubled area for app service. Client 4 (East Coast) 37 ms Bad Long time troubled area for app service. Client 5 (West Coast) 104 ms Good Accessed app over a 4G hotspot with the highest RTT observed. “What’s the big deal about 104ms, when we are used to 550ms on SATCOM!?!”
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 Client Side Latency Analysis •Inability to capture client side •Pattern Method: • GPO inspection • Standardizedmachine images,but many different ways of patching, updating, and policies taking effect • Standardized Citrix GPO, agreed upon by all stake holders
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 Server Side Latency Analysis “Solution: TCP receive buffer at the secure gateway was the culprit and needed to be tuned. The zero window spikes coincided with application crashes for the users - these were confirmed during user tests”
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 QUESTIONS

Recommended

ION Ljubljana - Nathalie Trenaman: World IPv6 Launch and RIPE Atlas Visualisa...
ION Ljubljana - Nathalie Trenaman: World IPv6 Launch and RIPE Atlas Visualisa...ION Ljubljana - Nathalie Trenaman: World IPv6 Launch and RIPE Atlas Visualisa...
ION Ljubljana - Nathalie Trenaman: World IPv6 Launch and RIPE Atlas Visualisa...Deploy360 Programme (Internet Society)
 
Kunal Varshney, VLSI Engineer, Open-Silicon
Kunal Varshney, VLSI Engineer, Open-SiliconKunal Varshney, VLSI Engineer, Open-Silicon
Kunal Varshney, VLSI Engineer, Open-Siliconchiportal
 
MAGPI: Advanced Services: IPv6, Multicast, DNSSEC
MAGPI: Advanced Services: IPv6, Multicast, DNSSECMAGPI: Advanced Services: IPv6, Multicast, DNSSEC
MAGPI: Advanced Services: IPv6, Multicast, DNSSECShumon Huque
 
Simulating the behavior of satellite Internet links to small islands
Simulating the behavior of satellite Internet links to small islandsSimulating the behavior of satellite Internet links to small islands
Simulating the behavior of satellite Internet links to small islandsAPNIC
 
Moreno tfm2012
Moreno tfm2012Moreno tfm2012
Moreno tfm2012Alok Prasad
 
Measuring quality of Internet links in NRENs
Measuring quality of Internet links in NRENsMeasuring quality of Internet links in NRENs
Measuring quality of Internet links in NRENsAFRINIC
 
Multibeam Advisory Committee - 2016 UNOLS FIC Meeting
Multibeam Advisory Committee - 2016 UNOLS FIC MeetingMultibeam Advisory Committee - 2016 UNOLS FIC Meeting
Multibeam Advisory Committee - 2016 UNOLS FIC MeetingVicki Ferrini
 
Blue Waters and Resource Management - Now and in the Future
Blue Waters and Resource Management - Now and in the Future Blue Waters and Resource Management - Now and in the Future
Blue Waters and Resource Management - Now and in the Futureinside-BigData.com
 

Recommended

ION Ljubljana - Nathalie Trenaman: World IPv6 Launch and RIPE Atlas Visualisa...
ION Ljubljana - Nathalie Trenaman: World IPv6 Launch and RIPE Atlas Visualisa...ION Ljubljana - Nathalie Trenaman: World IPv6 Launch and RIPE Atlas Visualisa...
ION Ljubljana - Nathalie Trenaman: World IPv6 Launch and RIPE Atlas Visualisa...Deploy360 Programme (Internet Society)
 
Kunal Varshney, VLSI Engineer, Open-Silicon
Kunal Varshney, VLSI Engineer, Open-SiliconKunal Varshney, VLSI Engineer, Open-Silicon
Kunal Varshney, VLSI Engineer, Open-Siliconchiportal
 
MAGPI: Advanced Services: IPv6, Multicast, DNSSEC
MAGPI: Advanced Services: IPv6, Multicast, DNSSECMAGPI: Advanced Services: IPv6, Multicast, DNSSEC
MAGPI: Advanced Services: IPv6, Multicast, DNSSECShumon Huque
 
Simulating the behavior of satellite Internet links to small islands
Simulating the behavior of satellite Internet links to small islandsSimulating the behavior of satellite Internet links to small islands
Simulating the behavior of satellite Internet links to small islandsAPNIC
 
Moreno tfm2012
Moreno tfm2012Moreno tfm2012
Moreno tfm2012Alok Prasad
 
Measuring quality of Internet links in NRENs
Measuring quality of Internet links in NRENsMeasuring quality of Internet links in NRENs
Measuring quality of Internet links in NRENsAFRINIC
 
Multibeam Advisory Committee - 2016 UNOLS FIC Meeting
Multibeam Advisory Committee - 2016 UNOLS FIC MeetingMultibeam Advisory Committee - 2016 UNOLS FIC Meeting
Multibeam Advisory Committee - 2016 UNOLS FIC MeetingVicki Ferrini
 
Blue Waters and Resource Management - Now and in the Future
Blue Waters and Resource Management - Now and in the Future Blue Waters and Resource Management - Now and in the Future
Blue Waters and Resource Management - Now and in the Futureinside-BigData.com
 
Time-oriented event search. A new level of scale
Time-oriented event search. A new level of scale Time-oriented event search. A new level of scale
Time-oriented event search. A new level of scale DataWorks Summit/Hadoop Summit
 
PPT for ParkNet Dfive-by Sensing of Road-Side Parking Statistics
PPT for ParkNet Dfive-by Sensing of Road-Side Parking StatisticsPPT for ParkNet Dfive-by Sensing of Road-Side Parking Statistics
PPT for ParkNet Dfive-by Sensing of Road-Side Parking StatisticsShivamGupta603083
 
the 10 Top Wireshark Tips & Tricks Megumi Takeshita Sharkfest2017
the 10 Top Wireshark Tips & Tricks Megumi Takeshita Sharkfest2017the 10 Top Wireshark Tips & Tricks Megumi Takeshita Sharkfest2017
the 10 Top Wireshark Tips & Tricks Megumi Takeshita Sharkfest2017Megumi Takeshita
 
Using ScyllaDB with JanusGraph for Cyber Security
Using ScyllaDB with JanusGraph for Cyber SecurityUsing ScyllaDB with JanusGraph for Cyber Security
Using ScyllaDB with JanusGraph for Cyber SecurityScyllaDB
 
Built around answering questions
Built around answering questionsBuilt around answering questions
Built around answering questionsLarry Smarr
 
In-Service Monitoring of PTP Performance
In-Service Monitoring of PTP PerformanceIn-Service Monitoring of PTP Performance
In-Service Monitoring of PTP PerformanceADVA
 
Spark at NASA/JPL-(Chris Mattmann, NASA/JPL)
Spark at NASA/JPL-(Chris Mattmann, NASA/JPL)Spark at NASA/JPL-(Chris Mattmann, NASA/JPL)
Spark at NASA/JPL-(Chris Mattmann, NASA/JPL)Spark Summit
 
Mapping K-PowerNet’s Fiber Optic Network
Mapping K-PowerNet’s Fiber Optic NetworkMapping K-PowerNet’s Fiber Optic Network
Mapping K-PowerNet’s Fiber Optic NetworkScott Kusselson
 
Introduction to Data streaming - 05/12/2014
Introduction to Data streaming - 05/12/2014Introduction to Data streaming - 05/12/2014
Introduction to Data streaming - 05/12/2014Raja Chiky
 
Velocity london 2012 bbc olympics
Velocity london 2012 bbc olympicsVelocity london 2012 bbc olympics
Velocity london 2012 bbc olympicsAndrew Brockhurst
 
MSR 2009
MSR 2009MSR 2009
MSR 2009swy351
 
Webinar: Are you ready for your peak season?
Webinar: Are you ready for your peak season?Webinar: Are you ready for your peak season?
Webinar: Are you ready for your peak season?Jennifer Finney
 
Couchbase Connect 2016: Monitoring Production Deployments The Tools – LinkedIn
Couchbase Connect 2016: Monitoring Production Deployments The Tools – LinkedInCouchbase Connect 2016: Monitoring Production Deployments The Tools – LinkedIn
Couchbase Connect 2016: Monitoring Production Deployments The Tools – LinkedInMichael Kehoe
 
Understanding and Designing Ultra low latency systems | Low Latency | Ultra L...
Understanding and Designing Ultra low latency systems | Low Latency | Ultra L...Understanding and Designing Ultra low latency systems | Low Latency | Ultra L...
Understanding and Designing Ultra low latency systems | Low Latency | Ultra L...Anand Narayanan
 
Better Customer Experience with Data Science - Bernard Burg, Comcast
Better Customer Experience with Data Science - Bernard Burg, ComcastBetter Customer Experience with Data Science - Bernard Burg, Comcast
Better Customer Experience with Data Science - Bernard Burg, ComcastSri Ambati
 
Traffic Matrices and its measurement
Traffic Matrices and its measurementTraffic Matrices and its measurement
Traffic Matrices and its measurementeetacupc
 
Hotspot Garbage Collection - Tuning Guide
Hotspot Garbage Collection - Tuning GuideHotspot Garbage Collection - Tuning Guide
Hotspot Garbage Collection - Tuning GuidejClarity
 
True Reusable Code - DevSum2016
True Reusable Code - DevSum2016True Reusable Code - DevSum2016
True Reusable Code - DevSum2016Eduard Lazar
 
Evolving Beyond the Data Lake: A Story of Wind and Rain
Evolving Beyond the Data Lake: A Story of Wind and RainEvolving Beyond the Data Lake: A Story of Wind and Rain
Evolving Beyond the Data Lake: A Story of Wind and RainMapR Technologies
 
TrueReusableCode-BigDataCodeCamp2016
TrueReusableCode-BigDataCodeCamp2016TrueReusableCode-BigDataCodeCamp2016
TrueReusableCode-BigDataCodeCamp2016Eduard Lazar
 

More Related Content

Similar to SharkFest16_Palm_Online

PPT for ParkNet Dfive-by Sensing of Road-Side Parking Statistics
PPT for ParkNet Dfive-by Sensing of Road-Side Parking StatisticsPPT for ParkNet Dfive-by Sensing of Road-Side Parking Statistics
PPT for ParkNet Dfive-by Sensing of Road-Side Parking StatisticsShivamGupta603083
 
the 10 Top Wireshark Tips & Tricks Megumi Takeshita Sharkfest2017
the 10 Top Wireshark Tips & Tricks Megumi Takeshita Sharkfest2017the 10 Top Wireshark Tips & Tricks Megumi Takeshita Sharkfest2017
the 10 Top Wireshark Tips & Tricks Megumi Takeshita Sharkfest2017Megumi Takeshita
 
Using ScyllaDB with JanusGraph for Cyber Security
Using ScyllaDB with JanusGraph for Cyber SecurityUsing ScyllaDB with JanusGraph for Cyber Security
Using ScyllaDB with JanusGraph for Cyber SecurityScyllaDB
 
Built around answering questions
Built around answering questionsBuilt around answering questions
Built around answering questionsLarry Smarr
 
In-Service Monitoring of PTP Performance
In-Service Monitoring of PTP PerformanceIn-Service Monitoring of PTP Performance
In-Service Monitoring of PTP PerformanceADVA
 
Spark at NASA/JPL-(Chris Mattmann, NASA/JPL)
Spark at NASA/JPL-(Chris Mattmann, NASA/JPL)Spark at NASA/JPL-(Chris Mattmann, NASA/JPL)
Spark at NASA/JPL-(Chris Mattmann, NASA/JPL)Spark Summit
 
Mapping K-PowerNet’s Fiber Optic Network
Mapping K-PowerNet’s Fiber Optic NetworkMapping K-PowerNet’s Fiber Optic Network
Mapping K-PowerNet’s Fiber Optic NetworkScott Kusselson
 
Introduction to Data streaming - 05/12/2014
Introduction to Data streaming - 05/12/2014Introduction to Data streaming - 05/12/2014
Introduction to Data streaming - 05/12/2014Raja Chiky
 
Velocity london 2012 bbc olympics
Velocity london 2012 bbc olympicsVelocity london 2012 bbc olympics
Velocity london 2012 bbc olympicsAndrew Brockhurst
 
MSR 2009
MSR 2009MSR 2009
MSR 2009swy351
 
Webinar: Are you ready for your peak season?
Webinar: Are you ready for your peak season?Webinar: Are you ready for your peak season?
Webinar: Are you ready for your peak season?Jennifer Finney
 
Couchbase Connect 2016: Monitoring Production Deployments The Tools – LinkedIn
Couchbase Connect 2016: Monitoring Production Deployments The Tools – LinkedInCouchbase Connect 2016: Monitoring Production Deployments The Tools – LinkedIn
Couchbase Connect 2016: Monitoring Production Deployments The Tools – LinkedInMichael Kehoe
 
Understanding and Designing Ultra low latency systems | Low Latency | Ultra L...
Understanding and Designing Ultra low latency systems | Low Latency | Ultra L...Understanding and Designing Ultra low latency systems | Low Latency | Ultra L...
Understanding and Designing Ultra low latency systems | Low Latency | Ultra L...Anand Narayanan
 
Better Customer Experience with Data Science - Bernard Burg, Comcast
Better Customer Experience with Data Science - Bernard Burg, ComcastBetter Customer Experience with Data Science - Bernard Burg, Comcast
Better Customer Experience with Data Science - Bernard Burg, ComcastSri Ambati
 
Traffic Matrices and its measurement
Traffic Matrices and its measurementTraffic Matrices and its measurement
Traffic Matrices and its measurementeetacupc
 
Hotspot Garbage Collection - Tuning Guide
Hotspot Garbage Collection - Tuning GuideHotspot Garbage Collection - Tuning Guide
Hotspot Garbage Collection - Tuning GuidejClarity
 
True Reusable Code - DevSum2016
True Reusable Code - DevSum2016True Reusable Code - DevSum2016
True Reusable Code - DevSum2016Eduard Lazar
 
Evolving Beyond the Data Lake: A Story of Wind and Rain
Evolving Beyond the Data Lake: A Story of Wind and RainEvolving Beyond the Data Lake: A Story of Wind and Rain
Evolving Beyond the Data Lake: A Story of Wind and RainMapR Technologies
 
TrueReusableCode-BigDataCodeCamp2016
TrueReusableCode-BigDataCodeCamp2016TrueReusableCode-BigDataCodeCamp2016
TrueReusableCode-BigDataCodeCamp2016Eduard Lazar
 

Similar to SharkFest16_Palm_Online (20)

Time-oriented event search. A new level of scale
Time-oriented event search. A new level of scale Time-oriented event search. A new level of scale
Time-oriented event search. A new level of scale
 
PPT for ParkNet Dfive-by Sensing of Road-Side Parking Statistics
PPT for ParkNet Dfive-by Sensing of Road-Side Parking StatisticsPPT for ParkNet Dfive-by Sensing of Road-Side Parking Statistics
PPT for ParkNet Dfive-by Sensing of Road-Side Parking Statistics
 
the 10 Top Wireshark Tips & Tricks Megumi Takeshita Sharkfest2017
the 10 Top Wireshark Tips & Tricks Megumi Takeshita Sharkfest2017the 10 Top Wireshark Tips & Tricks Megumi Takeshita Sharkfest2017
the 10 Top Wireshark Tips & Tricks Megumi Takeshita Sharkfest2017
 
Using ScyllaDB with JanusGraph for Cyber Security
Using ScyllaDB with JanusGraph for Cyber SecurityUsing ScyllaDB with JanusGraph for Cyber Security
Using ScyllaDB with JanusGraph for Cyber Security
 
Built around answering questions
Built around answering questionsBuilt around answering questions
Built around answering questions
 
In-Service Monitoring of PTP Performance
In-Service Monitoring of PTP PerformanceIn-Service Monitoring of PTP Performance
In-Service Monitoring of PTP Performance
 
Spark at NASA/JPL-(Chris Mattmann, NASA/JPL)
Spark at NASA/JPL-(Chris Mattmann, NASA/JPL)Spark at NASA/JPL-(Chris Mattmann, NASA/JPL)
Spark at NASA/JPL-(Chris Mattmann, NASA/JPL)
 
Mapping K-PowerNet’s Fiber Optic Network
Mapping K-PowerNet’s Fiber Optic NetworkMapping K-PowerNet’s Fiber Optic Network
Mapping K-PowerNet’s Fiber Optic Network
 
Introduction to Data streaming - 05/12/2014
Introduction to Data streaming - 05/12/2014Introduction to Data streaming - 05/12/2014
Introduction to Data streaming - 05/12/2014
 
Velocity london 2012 bbc olympics
Velocity london 2012 bbc olympicsVelocity london 2012 bbc olympics
Velocity london 2012 bbc olympics
 
MSR 2009
MSR 2009MSR 2009
MSR 2009
 
Webinar: Are you ready for your peak season?
Webinar: Are you ready for your peak season?Webinar: Are you ready for your peak season?
Webinar: Are you ready for your peak season?
 
Couchbase Connect 2016: Monitoring Production Deployments The Tools – LinkedIn
Couchbase Connect 2016: Monitoring Production Deployments The Tools – LinkedInCouchbase Connect 2016: Monitoring Production Deployments The Tools – LinkedIn
Couchbase Connect 2016: Monitoring Production Deployments The Tools – LinkedIn
 
Understanding and Designing Ultra low latency systems | Low Latency | Ultra L...
Understanding and Designing Ultra low latency systems | Low Latency | Ultra L...Understanding and Designing Ultra low latency systems | Low Latency | Ultra L...
Understanding and Designing Ultra low latency systems | Low Latency | Ultra L...
 
Better Customer Experience with Data Science - Bernard Burg, Comcast
Better Customer Experience with Data Science - Bernard Burg, ComcastBetter Customer Experience with Data Science - Bernard Burg, Comcast
Better Customer Experience with Data Science - Bernard Burg, Comcast
 
Traffic Matrices and its measurement
Traffic Matrices and its measurementTraffic Matrices and its measurement
Traffic Matrices and its measurement
 
Hotspot Garbage Collection - Tuning Guide
Hotspot Garbage Collection - Tuning GuideHotspot Garbage Collection - Tuning Guide
Hotspot Garbage Collection - Tuning Guide
 
True Reusable Code - DevSum2016
True Reusable Code - DevSum2016True Reusable Code - DevSum2016
True Reusable Code - DevSum2016
 
Evolving Beyond the Data Lake: A Story of Wind and Rain
Evolving Beyond the Data Lake: A Story of Wind and RainEvolving Beyond the Data Lake: A Story of Wind and Rain
Evolving Beyond the Data Lake: A Story of Wind and Rain
 
TrueReusableCode-BigDataCodeCamp2016
TrueReusableCode-BigDataCodeCamp2016TrueReusableCode-BigDataCodeCamp2016
TrueReusableCode-BigDataCodeCamp2016
 

SharkFest16_Palm_Online

  • 1. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 SharkFest ‘16 Troubleshooting a Multi-Tier Application in a Production Environment Brad Palm June 16, 2016 Lead Engineer | Marine Corps Network Efficiency Lab
  • 2. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 DISCLAIMER “The views expressed in this presentation are my own and do not necessarily represent the views of the United States Marine Corps, Department of Defense, or the United States Government.”
  • 3. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 AGENDA •Background •Problem Framing •Method •Execution •Analysis •Questions
  • 4. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 BACKGROUND
  • 5. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 BACKGROUND •Training for Decision Making in Chaotic Environments •Troubleshooting Methodologies •Case Study
  • 6. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 Video of Chaotic Training at USMC Boot Camp - https://www.youtube.com/watch?v=Z9-rhwHkP24
  • 7. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 USMC Training for Chaos •BAMCIS • Begin planning, Arrange for Reconnaissance and Coordination,Make Reconnaissance, Complete Plan, Issue Order, Supervise • Six troop leading steps by which a leader plans and executes missions • Logical and orderly process that makes the best use of time •Fog of War (Bits) • Uncertainty,hard to see patterns in midst of fog, separate signal from noise •Realistic Training
  • 8. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 USMC Training for Chaos “Training to be comfortable in a range of environments and stressors”
  • 9. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 Troubleshooting Methodologies •Brainstorming •5 Whys •Statistical Method •Pattern Method •Team Formation •Cisco’s Eight Step Method •OSI Model
  • 10. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 Case Study – 5Ws •Who – Data center that hosts applications for MC wide consumption •What – Users complaining about latency for an application that uses VDI to accomplish computationally intensive imagery manipulation •When – Latency occurs at various times •Where – Latency occurs for various users •Why – ??? Help!!!
  • 11. Case Study – Network Topology
  • 12. Case Study – VM Architecture
  • 13. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 PROBLEM FRAMING
  • 14. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 PROBLEM FRAMING •How do we tackle complex problems and solve the WHY? •Need solid foundation, that provides flexibility and facilitates multiple troubleshooting methodologies Decision Making in Chaotic Environments Troubleshooting Methodologies
  • 15. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 Problem Framing with Capture Plan • Purpose • State objectives – define the problem • Objective requirements – what must be met to facilitate successful troubleshooting • Network metrics – what are we looking for based off probable cause • Method • Tools • Capture location • Execution • Team composition • TAP installation • Analysis • Troubleshooting steps • Reporting
  • 16. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 METHOD
  • 17. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 METHOD • Purpose • State objectives • Objective requirements • Network metrics • Method • Tools • Capture location • Execution • Team composition • TAP installation • Analysis • Troubleshooting steps • Reporting
  • 18. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 Tools •TAPs – Full Duplex, Aggregators, Copper, Optical,Conversion • Viavi nTAP, Profishark 1G, Ixia Net Optics •Capture Devices • Netscout Network Time Machine (1 GB), Viavi Observer GigaStor (10 GB) •Analysis • SteelCentral Packet Analyzer • Wireshark •Virtual Considerations – VMs, Containers, Virtual TAPs
  • 19. Capture Location Network Topology VM Architecture WAN 1 LAN 2 VM 1 VM 2
  • 20. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 EXECUTION
  • 21. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 EXECUTION • Purpose • State objectives • Objective requirements • Network metrics • Method • Tools • Capture location • Execution • Team composition • TAP installation • Analysis • Troubleshooting steps • Reporting
  • 22. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 Team Composition •Problem Manager •Problem Solving Group • Mix of internal and external entities • Internal – network, virtual,DB, server • External – capture & analysis,Windows, VM • Need internal folks to be empowered, recognize when they don’t have the authority,then be proficient in navigating the “policy” waters
  • 23. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 TAP Installation •In-Brief •Common Concerns •Installation • 300ms ~ 30 sec, Ethernet Autonegotiation •Time Considerations • 24hr soak, during working hours/highprobabilityof event
  • 24. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 Demo “Purpose of demo is to prove the following three items to instill confidence in the client that the TAP is not adverse to their network: • Inserting TAP in a timely manner will not cause an outage to current TCP sessions • Fail to wire • Passive” “Demo showed a simple network between laptop and RaspberryPi, a persistent TCP session created through the use of a counter bash script and netcat, and an nTAP was inserted into the network to show the three items”
  • 25. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 ANALYSIS
  • 26. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 ANALYSIS • Purpose • State objectives • Objective requirements • Network metrics • Method • Tools • Capture location • Execution • Team composition • TAP installation • Analysis • Troubleshooting steps • Reporting
  • 27. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 Troubleshooting Steps 1. Define the Problem – 5 Whys, Brainstorming, Problem SolvingGroup 2. Gather Detailed Information–Gain an understandingof architecture from in-house experts, supports Statistical and PatternMethods 3. Consider Probable Cause for Problem – Discuss recent changes, investigatethe network captures, identify the most likely hypotheses 4. Devise Plan to Solve Problem – Conduct preliminary/minimally disruptive testing, schedule testing time/location/equipment/personnel 5. Implement the Plan – Make necessary changesand capturetest results 6. Observe the Results of Implementation– Confirm problem resolution, conduct regression testing 7. Repeat Process if Plan Does Not Initially Solve Problem – Re-define the problem, determine next hypothesis to test, makingchanges incrementally 8. Document the Changes Made to Resolve the Problem – Consolidate informationgathered into network analysis report to communicate the process
  • 28. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 Latency Analysis •Troubleshooting latency: • Network path • Server side • Client side
  • 29. Statistical Method Client 1 (Mid West) WAN 1 LAN 2 VM 1 VM 2 Size 365.52 MB/ 564,158 pkts 334.62 MB/ 436,434 pkts 132.71 MB/ 290,417 pkts 2.1 GB/ 1,843,248 pkts Average RTT 48 ms 47 ms 955 µs 99 µs Duplicate ACK Errors 10,507 pkts 10,236 pkts N/A 4,413 pkts Retransmission Errors 4,172 pkts 4,030 pkts N/A 744 pkts Lost Segment Errors 160 pkts 154 pkts 61 pkts 140 pkts Zero Window Errors N/A N/A 53 pkts 125 pkts Reset Errors 6 pkts 3 pkts N/A 17 pkts Client 2 (Desert) WAN 1 LAN 2 VM 1 VM 2 Size 26.03 MB/ 178,382 pkts 25.31 MB/ 178,326 pkts 130.96 MB/ 639,031 pkts 1.39 GB/ 1,872,794 pkts Average RTT 70 ms 70 ms 700 µs 168 µs Duplicate ACK Errors 3,769 pkts 3,769 pkts 3 pkts 3,364 pkts Retransmission Errors 307 pkts 297 pkts 3 pkts 484 pkts Lost Segment Errors 116 pkts 117 pkts 53 pkts 35 pkts Zero Window Errors 29 pkts 29 pkts 640 pkts 49 pkts Reset Errors 28 pkts 16 pkts N/A 67 pkts
  • 30. Statistical Method Client 3 (East Coast) WAN 1 LAN 2 VM 1 VM 2 Size 73.30 MB/ 294,128 pkts 72.13 MB/ 294,128 pkts 166.50 MB/ 490,632 pkts 2.65 GB/ 2,568,391 pkts Average RTT 41 ms 41 ms 759 µs 123 µs Duplicate ACK Errors 2,897 pkts 2,897 pkts 4 pkts 7,707 pkts Retransmission Errors 792 pkts 792 pkts 5 pkts 1,289 pkts Lost Segment Errors 245 pkts 245 pkts 160 pkts 266 pkts Zero Window Errors N/A N/A 603 pkts 91 pkts Reset Errors 64 pkts 64 pkts N/A 35 pkts Client 4 (East Coast) WAN 1 LAN 2 VM 1 VM 2 Size 58.74 MB/ 232,503 pkts 57.72 MB/ 232,125 pkts 31.13 MB/ 135,806 pkts 254.97 MB/ 361,597 pkts Average RTT 37 ms 37 ms 538 µs 148 µs Duplicate ACK Errors 1,781 pkts 1,781 pkts N/A 532 pkts Retransmission Errors 549 pkts 545 pkts 1 pkt 66 pkts Lost Segment Errors 171 pkts 171 pkts 84 pkts 43 pkts Zero Window Errors N/A N/A 39 pkts 10 pkts Reset Errors 33 pkts 25 pkts N/A 25 pkts
  • 31. Statistical Method Client 5 (California/4G Commercial Network) Client Machine Size 4.22 MB/11,566 pkts Average RTT 104 ms Duplicate ACK Errors 736 pkts Retransmission Errors 604 pkts Lost Segment Errors 178 pkts Out of Order Errors 139 pkts Reset Errors 27 pkts Missing Segments (ACKs) 2 pkts Zero Window Errors 0 pkts
  • 32. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 Network Path Latency Analysis Client (Location) Average RTT User Experience Notes Client 1 (Mid West) 48 ms Good Physically located in the same building as the app, but traverses a network before hitting servers Client 2 (Desert) 70 ms Bad Long time troubled area for app service. Client 3 (East Coast) 41 ms Bad Long time troubled area for app service. Client 4 (East Coast) 37 ms Bad Long time troubled area for app service. Client 5 (West Coast) 104 ms Good Accessed app over a 4G hotspot with the highest RTT observed.
  • 33. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 Network Path Latency Analysis Client (Location) Average RTT User Experience Notes Client 1 (Mid West) 48 ms Good Physically located in the same building as the app, but traverses a network before hitting servers Client 2 (Desert) 70 ms Bad Long time troubled area for app service. Client 3 (East Coast) 41 ms Bad Long time troubled area for app service. Client 4 (East Coast) 37 ms Bad Long time troubled area for app service. Client 5 (West Coast) 104 ms Good Accessed app over a 4G hotspot with the highest RTT observed. “What’s the big deal about 104ms, when we are used to 550ms on SATCOM!?!”
  • 34. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 Client Side Latency Analysis •Inability to capture client side •Pattern Method: • GPO inspection • Standardizedmachine images,but many different ways of patching, updating, and policies taking effect • Standardized Citrix GPO, agreed upon by all stake holders
  • 35. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 Server Side Latency Analysis “Solution: TCP receive buffer at the secure gateway was the culprit and needed to be tuned. The zero window spikes coincided with application crashes for the users - these were confirmed during user tests”
  • 36. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 QUESTIONS