7 Ways to Improve Network Troubleshooting | NetQoS


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

7 Ways to Improve Network Troubleshooting | NetQoS

  1. 1. WHITEPAPER Seven Ways to Improve Network Troubleshooting Using Retrospective Network Analysis and NetQoS® GigaStor™ Often application and network performance problems go undiagnosed and unresolved as engineers struggle to recreate intermittent problems. Reducing or eliminating the time needed to recreate these problems allows engineers to solve problems faster, reducing the mean time to repair. This paper examines the concept of Retrospective Network Analysis (RNA)—capturing and storing significant network traffic data to be analyzed at a later date—and illustrates how using GigaStor to enable RNA can help network engineers streamline network troubleshooting. It also details critical issues IT managers should consider when choosing an RNA solution.
  2. 2. Seven Ways to Improve Network Troubleshooting Using Retrospective Network Analysis (RNA) and NetQoS GigaStor Everyone’s heard at some point: “I can’t recreate the problem, let me know if it happens again.” It is a common problem in today's complex networking environments. The scenario often goes like this: an end user calls the help desk to complain about application performance. If the help desk identifies it as a network issue, a trouble ticket is issued to a network engineer who plugs in the packet analyzer to watch the traffic, waiting until the problem presents itself again—making the engineer a watcher, not a doer. Still Watching and Waiting for Another Incident? For several years, network engineers have had analysis tools capture statistics about what is going on in the network at the packet level. The limitation of using these tools to diagnose problems is that it is a reactive solution, requiring IT staff to spend time watching and waiting to identify a problem instead of developing the solution. This waiting is expensive and annoying for everyone. As network engineers become increasingly accountable for the performance of applications that run over their networks, they need a better, more proactive approach to troubleshooting. With the growing complexity surrounding today’s corporate networks, it is more challenging than ever to capture relevant diagnostic information—as the most important diagnostic information exists at the time leading up to the problem and when the problem occurs, and not after the fact. The Alternative to Watching and Waiting—Retrospective Network Analysis With Retrospective Network Analysis or RNA enabled by the GigaStor packet collection device from NetQoS, it is no longer necessary to recreate a problem on the network. That’s because GigaStor captures everything traversing the network at wire-speed. The GigaStor integrated Observer Expert® software then enables back-in-time analysis for fast identification of the cause of network problems. RNA and NetQoS GigaStor give network engineers at least seven new ways to speed network troubleshooting. 1. Speed Resolution by Eliminating the Need to Recreate Problems Instead of collecting packet captures after a performance issue, network engineers can go back in time to replay the stream for the time leading up to and during the performance issue, and get expert analysis to identify the cause and resolve the problem faster. Pg. 2 Copyright 2007 NetQoS, Inc. 877.835.9575 www.netqos.com
  3. 3. Figure 1. NetQoS GigaStor continuously stores traffic for faster network troubleshooting By capturing everything to disk, when network engineers become aware of a problem, they can go back in time, replay the packet stream, and perform typical network analysis after the fact, or “retrospectively.” RNA allows them to solve problems faster by eliminating problem recreation and reducing the mean time to repair. This results in a large benefit to IT organizations with already-stretched IT resources. Removing problem recreation from the troubleshooting process can result in significant productivity improvements and boost IT credibility in the organization. 2. Reduce Risk by Capturing Before and After Snapshots of the Network With the data captured and stored by the GigaStor, IT can also reduce risk. Complexity in today’s network infrastructure is at an all-time high. Multi-tiered applications, converged voice and data networks, datacenter consolidations, and increased requirements for remote and mobile workers make managing the infrastructure for application performance more challenging because decisions must often be made with limited information. Network behavior is most likely to be disrupted as soon as changes are made in the network environment. Instead of waiting for disruption to occur, IT can begin monitoring and keep a catalogue of the network behavior before and after changes. If problems occur, the GigaStor gives network teams the packet level visibility they need to understand what was impacted when the change was implemented. Pg. 3 Copyright 2007 NetQoS, Inc. 877.835.9575 www.netqos.com
  4. 4. 3. See Exactly What Users See To effectively conduct RNA, network engineers must be able to reconstruct web pages—to see a web page exactly how the end-user saw it. That way the error is seen directly instead of relying on the end user to provide a useful and accurate description. When someone says: “I keep trying to get to our Intranet site and it just isn’t working,” the troubleshooting team can see exactly what it was that the user experienced by looking at the information captured to disk by the GigaStor. Was there an error on the page? Was the problem that most of the page downloaded but the images didn’t compress? The engineers can even view each individual page component, down to individual .gif files and ActiveX controls. 4. Improve Efficiency by Conducting Packet Analysis Locally Unlike traditional packet capture and analysis products, GigaStor RNA is performed locally without the need to transfer packet data from the internal disk array across the network to a separate computer. Analysis software that IT teams would normally use on their laptops and desktops to perform this analysis resides on the GigaStor appliance. This means that not only much less data is traversing the network at analysis time, but also analysis of large data sets is faster because there is no data transfer delay. The GigaStor integrated Observer Expert analysis software can decode traffic like traditional packet analyzers, only now it can be done both in real time as the traffic is crossing the network and retrospectively. Figure 2. The GigaStor control panel Pg. 4 Copyright 2007 NetQoS, Inc. 877.835.9575 www.netqos.com
  5. 5. Figure 3. Multi-Hop Analysis with Observer Expert 5. Investigating Network Policy Violations RNA also enables engineers to investigate network policy violations or compliance issues. GigaStor can reassemble packet streams and recreate e-mails, visits to web sites, instant messaging sessions, and VoIP calls. The appliance performs real-time Expert processing locally rather than transferring the packet capture over the network to a separate console. 6. Comply with Mandates by Archiving Communications Other benefits of RNA with GigaStor can be beneficial to specific industries. For example, to comply with the Freedom of Information Act, government entities must archive instant messaging chat sessions, and that is difficult. Government entities that operate their own instant messaging servers know they can be severe security risks. Using a GigaStor device, they can create a filter to capture just the instant messaging conversations on that link and write them to disk, and eventually to tape archive. 7. Recapture Lost Communications with Instant Replay Capabilities GigaStor also helps keep track of communications. Network professionals can play back lost e-mails, and if a VoIP system is in place, voice calls can be replayed without tapping into the phone system. Pg. 5 Copyright 2007 NetQoS, Inc. 877.835.9575 www.netqos.com
  6. 6. The Key to RNA: Capturing and Storing Network Traffic Data—Lots of It GigaStor from NetQoS provides complete visibility into the traffic that traverses the network. By storing all of the data, managers don’t have to guess at what they will need to know tomorrow. They will be able to access the right information to make the right decision because all of the pertinent information is available to them. The GigaStor appliance connects to a span port or a tap, and it captures and stores network traffic. Most analyzers can monitor network traffic and keep statistics for tracking and reporting. Most can also launch a packet capture when configured. GigaStor continuously stores traffic so that when a network engineer needs to troubleshoot an issue all the packets are available for inspection. No more waiting to recreate the problem. Critical Factors in Designing RNA Systems In designing an RNA system, there are a number of elements to consider including: » An RNA system must be able to capture data on the wire at line speed even when network traffic is bursty; otherwise packets are dropped. The GigaStor proprietary Gen2 NIC capture card has 4-8 ports (4 full-duplex links) and has been optimized to capture and store network packets to disk. It can monitor 4-8 spans or 2-4 full-duplex links of various link types such as WAN links, Gbps span ports, or fibre channel traffic. » Disk write speed must be sufficient to keep up with the traffic captured off the wire. Capturing all the packets is of little value if they are lost before they can be stored. For example, monitoring 8 Gbps span ports averaging 37% utilization means an RNA product must be able to write to disk at 2.9 Gbps or it will not be able to keep up. GigaStor is able to do this. RAID disk arrays allow disks to be written to simultaneously. GigaStor includes a specialized 16 disk RAID array for a throughput of 3.2 Gbps. » To avoid data loss the capture buffer must be sufficiently large to store packets captured off the wire before they can be written to disk. While some RNA devices can write faster than your average load, atypical loads—bursts of traffic—present problems. » The amount of storage in an RNA device determines how long it can store data. Two storage choices are: internal disks or a storage area network (SAN). The amount of traffic traversing a network can be massive. A plan that starts out as, “I’m going to keep months and months of data” often becomes, “I’m going to keep a few days of data and archive the rest.” GigaStor provides up to 12 TB of local data storage to handle very large data storage requirements. NetQoS GigaStor can also support up to 12GB of RAM as a buffer, the largest in the industry. This makes it possible to capture bursts in network traffic. Many times, only a few seconds of traffic bursts need be buffered. As traffic bursts can be a symptom of a problem, capturing that particular traffic is very important. Pg. 6 Copyright 2007 NetQoS, Inc. 877.835.9575 www.netqos.com
  7. 7. All these components determine exactly how much retrospective analysis a user can perform. Summary An RNA system must be fast enough to capture all the data on the wire, write it to disk quickly, have enough storage space for the data, and have enough buffer memory to handle bursts in traffic. By continuously capturing and storing large amounts of network traffic data, the GigaStor device and its Observer Expert Retrospective Network Analysis software enable network engineers to identify and solve problems faster. IT organizations can reduce risk, know what users experience, analyze data at the packet level, and investigate network policy violations. Pg. 7 Copyright 2007 NetQoS, Inc. 877.835.9575 www.netqos.com
  8. 8. About GigaStor GigaStor is a retrospective network analysis (RNA) solution capable of storing terabytes of packet-level traffic to disk for network analysis on a variety of full-duplex network topologies, including WAN, LAN, Fibre Channel, wireless, gigabit, and 10 Gigabit (10 GbE). This data can be used to analyze network performance, mission-critical connections, and intermittent issues with the GigaStor unique time-based navigation utility. When investigating network performance issues, the GigaStor eliminates the need to recreate a problem on the network. For investigating network policy violations or compliance issues, the GigaStor reassembles packet streams and recreates e-mails, visits to web sites, IM sessions, and VoIP calls. The appliance performs real-time Expert processing at the probe rather than transferring the packet capture over the network to the console. The GigaStor has a 64-bit core and can capture up to 12 TB, or offload to a SAN. About NetQoS NetQoS is the fastest growing network performance management products and services provider. NetQoS has enabled hundreds of the world’s largest organizations to take a Performance First approach to network management— the new vanguard in ensuring optimal application delivery across the WAN. By focusing on the performance of key applications running over the network and identifying where there is opportunity for improvement, IT organizations can make more informed infrastructure investments and resolve problems that impact the business. Today, NetQoS is the only vendor that can provide global visibility for the world’s largest enterprises into all key metrics necessary to take a Performance First management approach. More information is available at www.netqos.com. Pg. 8 Copyright 2007 NetQoS, Inc. 877.835.9575 www.netqos.com
  9. 9. NetQoS Global Headquarters 5001 Plaza On The Lake Austin, TX 78746 Phone: 512.407.9443 Toll-Free: 877.835.9575 Fax: 512.407.8629 NetQoS EMEA 1650 Arlington Business Park Theale Reading, RG7 4SA Phone: + 44 (0) 118 929 8032 Fax: + 44 (0) 118 929 8033 NetQoS APAC NetQoS Singapore Representative Office Level 21, Centennial Tower 3 Temasek Ave., Singapore 039190 Phone: + 65 6549 7476 Fax: + 65 6549 7001 Website: www.netqos.com E-mail: sales@netqos.com © 2001-2008 NetQoS, Inc. All rights reserved. NetQoS, the NetQoS logo, SuperAgent, and NetVoyant are registered trademarks of NetQoS, Inc. ReporterAnalyzer and Allocate are trademarks of NetQoS, Inc. Other brands, product names and trademarks are property of their respective owners. WP rev3 20080404 Pg. 9 Copyright 2007 NetQoS, Inc. 877.835.9575 www.netqos.com